diff --git a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-controller.yaml b/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-controller.yaml deleted file mode 100644 index 3512ceeece..0000000000 --- a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-controller.yaml +++ /dev/null @@ -1,2109 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: kafka-broker-config - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - default.topic.partitions: "10" - default.topic.replication.factor: "3" - bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: kafka-channel-config - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kafkachannels.messaging.knative.dev - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" -spec: - group: messaging.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'KafkaChannel is a resource representing a Channel that is backed by a topic of an Apache Kafka cluster.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - numPartitions: - description: NumPartitions is the number of partitions of a Kafka topic. By default, it is set to 1. - type: integer - format: int32 - default: 1 - replicationFactor: - description: ReplicationFactor is the replication factor of a Kafka topic. By default, it is set to 1. - type: integer - maximum: 32767 - default: 1 - retentionDuration: - description: RetentionDuration is the retention time for events in a Kafka Topic represented as an ISO-8601 Duration. By default it is set to 168 hours, which is the precise form of 7 days. - type: string - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the KafkaChannel. This data may be out of date. - type: object - properties: - address: - type: object - required: - - url - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - names: - kind: KafkaChannel - plural: kafkachannels - singular: kafkachannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - kc - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: kafka-webhook - namespace: knative-eventing ---- - - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - knative.dev/crd-install: "true" - name: consumers.internal.kafka.eventing.knative.dev -spec: - group: internal.kafka.eventing.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flesh out the - # schema for each version at this time - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Subscriber - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - names: - kind: Consumer - plural: consumers - singular: consumer - scope: Namespaced - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - knative.dev/crd-install: "true" - name: consumergroups.internal.kafka.eventing.knative.dev -spec: - group: internal.kafka.eventing.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - scale: - # specReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Spec.Replicas. - specReplicasPath: .spec.replicas - # statusReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Replicas. - statusReplicasPath: .status.replicas - # labelSelectorPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Selector - labelSelectorPath: .status.selector - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flesh out the - # schema for each version at this time - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Subscriber - type: string - jsonPath: .status.subscriberUri - - name: Replicas - type: string - jsonPath: .spec.replicas - - name: Ready Replicas - type: string - jsonPath: .status.replicas - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - names: - kind: ConsumerGroup - plural: consumergroups - singular: consumergroup - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kafkasinks.eventing.knative.dev - labels: - duck.knative.dev/addressable: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -spec: - group: eventing.knative.dev - names: - kind: KafkaSink - plural: kafkasinks - singular: kafkasink - categories: - - all - - knative - - eventing - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Kafka Sink is Addressable, it receives events and send them to a Kafka topic.' - type: object - properties: - spec: - description: 'Spec defines the desired state of the Kafka Sink.' - type: object - required: - - topic - - bootstrapServers - properties: - topic: - description: 'Topic name to send events.' - type: string - numPartitions: - description: 'Number of topic partitions. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.' - type: integer - format: int32 - replicationFactor: - description: 'Topic replication factor. If not specified the topic isn''t automatically created, and the system supposes that the topic is already present.' - type: integer - format: int32 - bootstrapServers: - description: 'A list of host/port pairs to use for establishing the initial connection to the Kafka cluster.' - type: array - minLength: 1 - items: - type: string - contentMode: - description: | - CloudEvent content mode of Kafka messages sent to the topic. - Possible values: [binary, structured] (default: binary) - - https://github.com/cloudevents/spec/blob/v1.0/spec.md#message - - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#32-binary-content-mode - - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#33-structured-content-mode - type: string - enum: - - binary - - structured - default: binary - auth: - description: 'Auth configurations' - type: object - properties: - secret: - description: 'Auth secret' - type: object - properties: - ref: - # TODO add format in description (?) - description: | - Secret reference. - type: object - required: - - name - properties: - name: - description: 'Secret name' - type: string - status: - description: 'Status represents the current state of the KafkaSink. This data may be out of date.' - type: object - properties: - address: - description: 'Kafka Sink is Addressable. It exposes the endpoint as an URI to get events delivered to a Kafka topic.' - type: object - properties: - url: - type: string - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" -# conversion: -# strategy: Webhook -# webhook: -# conversionReviewVersions: [ "v1alpha1" ] -# clientConfig: -# service: -# name: eventing-kafka-webhook -# namespace: knative-eventing - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - annotations: - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.kafka.event" } - ] - name: kafkasources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} - scale: - # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. - specReplicasPath: .spec.consumers - # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. - statusReplicasPath: .status.consumers - # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector - labelSelectorPath: .status.selector - additionalPrinterColumns: - - name: Topics - type: string - jsonPath: ".spec.topics" - - name: BootstrapServers - type: string - jsonPath: ".spec.bootstrapServers" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - names: - categories: - - all - - knative - - eventing - - sources - kind: KafkaSource - plural: kafkasources - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: kafka-source-webhook - namespace: knative-eventing ---- - - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources". -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-kafka-source-observer - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - duck.knative.dev/source: "true" -rules: - - apiGroups: - - "sources.knative.dev" - resources: - - "kafkasources" - verbs: - - get - - list - - watch - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-source-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - knative.dev/example-checksum: "b6ed351d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # autoscalingClass is the autoscaler class name to use. - # valid value: keda.autoscaling.knative.dev - # autoscalingClass: "" - - # minScale is the minimum number of replicas to scale down to. - # minScale: "1" - - # maxScale is the maximum number of replicas to scale up to. - # maxScale: "1" - - # pollingInterval is the interval in seconds KEDA uses to poll metrics. - # pollingInterval: "30" - - # cooldownPeriod is the period of time in seconds KEDA waits until it scales down. - # cooldownPeriod: "300" - - # kafkaLagThreshold is the lag (ie. number of messages in a partition) threshold for KEDA to scale up sources. - # kafkaLagThreshold: "10" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-autoscaler - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - class: "keda.autoscaling.knative.dev" - min-scale: "0" - max-scale: "50" - polling-interval: "10" - cooldown-period: "300" - lag-threshold: "100" - activation-lag-threshold: "1" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-descheduler - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - predicates: | - [] - priorities: | - [ - {"Name": "RemoveWithEvenPodSpreadPriority", - "Weight": 10, - "Args": "{\"MaxSkew\": 2}"}, - {"Name": "RemoveWithAvailabilityZonePriority", - "Weight": 10, - "Args": "{\"MaxSkew\": 2}"}, - {"Name": "RemoveWithHighestOrdinalPriority", - "Weight": 2} - ] - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-features - namespace: knative-eventing - annotations: - knative.dev/example-checksum: "330d9f60" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # Controls whether the dispatcher should use the rate limiter based on the number of virtual replicas. - # 1. Enabled: The rate limiter is applied. - # 2. Disabled: The rate limiter is not applied. - dispatcher.rate-limiter: "disabled" - # Controls whether the dispatcher should record additional metrics. - # 1. Enabled: The metrics are recorded. - # 2. Disabled: The metrics are not recorded. - dispatcher.ordered-executor-metrics: "disabled" - # Controls whether the controller should autoscale consumer resources with KEDA - # 1. Enabled: KEDA autoscaling of consumers will be setup. - # 2. Disabled: KEDA autoscaling of consumers will not be setup. - controller.autoscaler: "disabled" - # The Go text/template used to generate consumergroup ID for triggers. - # The template can reference the trigger Kubernetes metadata only. - triggers.consumergroup.template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" - dispatcher.rate-limiter: "disabled" - dispatcher.ordered-executor-metrics: "disabled" - controller.autoscaler: "disabled" - triggers.consumergroup.template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - name: config-kafka-leader-election - namespace: knative-eventing - annotations: - knative.dev/example-checksum: "96896b00" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # leaseDuration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" - - # renewDeadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" - - # retryPeriod is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - leaseDuration: "15s" - renewDeadline: "10s" - retryPeriod: "2s" - map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.source.Reconciler: kafka-controller.knative.dev.eventing-kafka.pkg.source.reconciler.source.reconciler - map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.channel.Reconciler: kafkachannel-controller.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.controller.reconciler - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-scheduler - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - predicates: | - [ - {"Name": "PodFitsResources"}, - {"Name": "NoMaxResourceCount", - "Args": "{\"NumPartitions\": 100}"} - ] - priorities: | - [ - {"Name": "AvailabilityZonePriority", - "Weight": 10, - "Args": "{\"MaxSkew\": 2}"}, - {"Name": "LowestOrdinalPriority", - "Weight": 2}, - {"Name": "EvenPodSpread", - "Weight": 2, - "Args": "{\"MaxSkew\": 2}"} - ] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: kafka-config-logging - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -data: - config.xml: | - - - - - - - - - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-namespaced-broker-resources - namespace: knative-eventing -data: - resources: | - [ - ] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "4002b4c2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "stackdriver", the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-kafka-addressable-resolver - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - kafkasinks - - kafkasinks/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - kafkachannels - - kafkachannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-channelable-manipulator - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - duck.knative.dev/channelable: "true" -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - kafkachannels - - kafkachannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kafka-controller - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - delete - - apiGroups: - - "" - resources: - - configmaps - - services - verbs: - - get - - list - - watch - - update - - create - - delete - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - update - - get - - watch - - apiGroups: - - "" - resources: - - pods/finalizers - verbs: - - get - - list - - create - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - patch - - create - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: - - get - - list - - create - - update - - delete - - patch - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - update - - create - - delete - # for namespaced brokers, we need to be able to manage additional resources within the user namespaces - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: - - get - - list - - watch - - update - - create - - delete - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - clusterrolebindings - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - watch - - update - - create - - delete - - apiGroups: - - "apps" - resources: - - deployments - verbs: - - get - - list - - watch - - update - - create - - delete - # Scheduler permissions - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - "apps" - resources: - - statefulsets - - statefulsets/scale - verbs: - - get - - list - - watch - - update - - patch - # Internal APIs - - apiGroups: - - "internal.kafka.eventing.knative.dev" - resources: - - "consumers" - - "consumers/status" - - "consumergroups" - - "consumergroups/status" - verbs: - - create - - get - - list - - watch - - patch - - update - - delete - - apiGroups: - - "internal.kafka.eventing.knative.dev" - resources: - - "consumers/finalizers" - - "consumergroups/finalizers" - verbs: - - update - - delete - # Eventing resources and statuses we care about - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "kafkasinks" - - "kafkasinks/status" - verbs: - - list - - get - - watch - - patch - - update - # eventing.knative.dev resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - - "kafkasinks/finalizers" - verbs: - - update - # messaging.knative.dev resources and finalizers we care about. - - apiGroups: - - messaging.knative.dev - resources: - - kafkachannels - - kafkachannels/status - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - messaging.knative.dev - resources: - - subscriptions - - subscriptions/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - kafkachannels/finalizers - verbs: - - update - # sources.knative.dev resources and finalizers we care about. - - apiGroups: - - sources.knative.dev - resources: - - kafkasources - - kafkasources/status - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - sources.knative.dev - resources: - - kafkasources/finalizers - verbs: - - update - - apiGroups: - - keda.sh - resources: - - scaledobjects - - scaledobjects/finalizers - - scaledobjects/status - - triggerauthentications - - triggerauthentications/status - verbs: - - get - - list - - watch - - update - - create - - delete - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kafka-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kafka-controller - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: kafka-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: kafka-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kafka-controller-addressable-resolver - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: kafka-controller - namespace: knative-eventing -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: addressable-resolver - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kafka-controller - namespace: knative-eventing - labels: - app: kafka-controller - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-controller - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: kafka-controller - template: - metadata: - name: kafka-controller - labels: - app: kafka-controller - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-controller - app.kubernetes.io/name: knative-eventing - spec: - securityContext: - runAsNonRoot: true - serviceAccountName: kafka-controller - # To avoid node becoming SPOF, spread our replicas to different nodes and zones. - topologySpreadConstraints: - - maxSkew: 2 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app: kafka-controller - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: kafka-controller - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:6f4d022522ca4143c68b6d55a690d594e66a9ad8660abacd8e42b91c0ed614de - imagePullPolicy: IfNotPresent - env: - - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE - value: knative-eventing - - name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAMESPACE - value: knative-eventing - - name: SINK_DATA_PLANE_CONFIG_MAP_NAMESPACE - value: knative-eventing - - name: BROKER_CONTRACT_CONFIG_MAP_NAME - value: kafka-broker-brokers-triggers - - name: CHANNEL_CONTRACT_CONFIG_MAP_NAME - value: kafka-channel-channels-subscriptions - - name: SINK_CONTRACT_CONFIG_MAP_NAME - value: kafka-sink-sinks - - name: BROKER_DATA_PLANE_CONFIG_CONFIG_MAP_NAME - value: config-kafka-broker-data-plane - - name: SINK_DATA_PLANE_CONFIG_CONFIG_MAP_NAME - value: config-kafka-sink-data-plane - - name: CHANNEL_DATA_PLANE_CONFIG_CONFIG_MAP_NAME - value: config-kafka-channel-data-plane - - name: BROKER_CONTRACT_CONFIG_MAP_FORMAT - value: json - - name: CHANNEL_CONTRACT_CONFIG_MAP_FORMAT - value: json - - name: SINK_CONTRACT_CONFIG_MAP_FORMAT - value: json - - name: CONSUMER_CONTRACT_CONFIG_MAP_FORMAT - value: json - - name: BROKER_INGRESS_NAME - value: kafka-broker-ingress - - name: CHANNEL_INGRESS_NAME - value: kafka-channel-ingress - - name: SINK_INGRESS_NAME - value: kafka-sink-ingress - - name: BROKER_GENERAL_CONFIG_MAP_NAME - value: kafka-broker-config - - name: CHANNEL_GENERAL_CONFIG_MAP_NAME - value: kafka-channel-config - - name: SINK_GENERAL_CONFIG_MAP_NAME - value: kafka-broker-config - - name: BROKER_INGRESS_POD_PORT - value: "8080" - - name: CHANNEL_INGRESS_POD_PORT - value: "8080" - - name: SINK_INGRESS_POD_PORT - value: "8080" - - name: BROKER_SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CHANNEL_SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SINK_SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: BROKER_DEFAULT_BACKOFF_DELAY_MS - value: "1000" # 1 second - - name: CHANNEL_DEFAULT_BACKOFF_DELAY_MS - value: "1000" # 1 second - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # How often (in seconds) the autoscaler tries to scale down the statefulset. - - name: AUTOSCALER_REFRESH_PERIOD - value: '100' - # The number of virtual replicas each adapter pod can handle. - - name: POD_CAPACITY - value: '20' - - name: SCHEDULER_CONFIG - value: 'config-kafka-scheduler' - - name: DESCHEDULER_CONFIG - value: 'config-kafka-descheduler' - - name: AUTOSCALER_CONFIG - value: 'config-kafka-autoscaler' - - name: CONFIG_LEADERELECTION_NAME - value: config-kafka-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - resources: - requests: - cpu: 100m - memory: 100Mi - terminationMessagePolicy: FallbackToLogsOnError - terminationMessagePath: /dev/temination-log - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - restartPolicy: Always - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kafka-webhook-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # Eventing resources care about - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - verbs: - - list - - get - - watch - # messaging.knative.dev resources and finalizers we care about. - - apiGroups: - - messaging.knative.dev - resources: - - kafkachannels - verbs: - - get - - list - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kafka-webhook-eventing - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kafka-webhook-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: kafka-webhook-eventing - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: kafka-webhook-eventing - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: defaulting.webhook.kafka.eventing.knative.dev - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: kafka-webhook-eventing - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: defaulting.webhook.kafka.eventing.knative.dev - timeoutSeconds: 2 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: pods.defaulting.webhook.kafka.eventing.knative.dev - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -webhooks: - # Dispatcher pods webhook config. - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: kafka-webhook-eventing - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: pods.defaulting.webhook.kafka.eventing.knative.dev - timeoutSeconds: 2 - reinvocationPolicy: IfNeeded - matchPolicy: Equivalent - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: knative-eventing - objectSelector: - matchLabels: - app.kubernetes.io/kind: kafka-dispatcher - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: kafka-webhook-eventing-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.kafka.eventing.knative.dev - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: kafka-webhook-eventing - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.kafka.eventing.knative.dev - timeoutSeconds: 2 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kafka-webhook-eventing - namespace: knative-eventing - labels: - app: kafka-webhook-eventing - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-webhook-eventing - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: kafka-webhook-eventing - template: - metadata: - labels: - app: kafka-webhook-eventing - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-webhook-eventing - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: kafka-webhook-eventing - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: kafka-webhook-eventing - securityContext: - runAsNonRoot: true - containers: - - name: kafka-webhook-eventing - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:993dcbca1fb12c6dfd91a05192c51d3095f643d9dd7f26334db72403cc4d990e - resources: - requests: - cpu: 20m - memory: 20Mi - limits: - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LEADERELECTION_NAME - value: config-kafka-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: kafka-webhook-eventing - - name: WEBHOOK_PORT - value: "8443" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - name: kafka-webhook-eventing - namespace: knative-eventing - labels: - app: kafka-webhook-eventing - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-webhook-eventing - app.kubernetes.io/name: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - selector: - app: kafka-webhook-eventing - ---- diff --git a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-post-install.yaml b/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-post-install.yaml deleted file mode 100644 index f90fdfeaaf..0000000000 --- a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-post-install.yaml +++ /dev/null @@ -1,960 +0,0 @@ -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-controller-post-install - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - delete - - deletecollection - - apiGroups: - - "apps" - resources: - - statefulsets - verbs: - - get - - list - # sources.knative.dev resources and finalizers we care about. - - apiGroups: - - sources.knative.dev - resources: - - kafkasources - - kafkasources/status - verbs: - - get - - list - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - defaulting.webhook.kafka.sources.knative.dev - - defaulting.webhook.kafka.messaging.knative.dev - verbs: - - delete - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - resourceNames: - - validation.webhook.kafka.sources.knative.dev - - config.webhook.kafka.sources.knative.dev - - validation.webhook.kafka.messaging.knative.dev - verbs: - - delete - - apiGroups: - - "" - resources: - - services - resourceNames: - - kafka-source-webhook - - kafka-controller - - kafka-webhook - - kafka-ch-dispatcher - verbs: - - delete - # to be able to list channel services and patch them - - apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - apiGroups: - - apps - resources: - - deployments - resourceNames: - - kafka-controller-manager - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - - kafka-source-dispatcher - verbs: - - delete - # to be able to check readiness of the new dataplane - - apiGroups: - - apps - resources: - - deployments - resourceNames: - - kafka-channel-dispatcher - - kafka-channel-receiver - - kafka-controller - verbs: - - get - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - resourceNames: - - eventing-sources-kafka-controller - - eventing-sources-kafka-controller-addressable-resolver - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - - eventing-sources-kafka-controller-podspecable-binding - verbs: - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - resourceNames: - - eventing-sources-kafka-controller - - kafka-webhook - - kafka-ch-controller - - kafka-addressable-resolver - - kafka-channelable-manipulator - - kafka-ch-dispatcher - verbs: - - delete - - apiGroups: - - "" - resources: - - serviceaccounts - resourceNames: - - kafka-controller-manager - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - verbs: - - delete - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - kafka-source-webhook-certs - - messaging-webhook-certs - verbs: - - delete - - apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - resourceNames: - - kafka-webhook - verbs: - - delete - - apiGroups: - - "policy" - resources: - - poddisruptionbudgets - resourceNames: - - kafka-webhook - verbs: - - delete - - apiGroups: - - "coordination.k8s.io" - resources: - - leases - resourceNames: - - kafkachannel-dispatcher.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.dispatcher.reconciler.00-of-01 - verbs: - - delete - # to be able to read the old configmap and migrate - # and then delete them - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - config-leader-election-kafkachannel - - config-kafka - verbs: - - get - - delete - # to be able update config in the new configmap - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - kafka-channel-config - verbs: - - patch - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-kafka-controller-post-install - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-storage-version-migrator - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "kafkasources" - - "kafkasources/finalizers" - - "kafkasources/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "kafkachannels" - - "kafkachannels/finalizers" - - "kafkachannels/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "kafkasinks" - - "kafkasinks/finalizers" - - "kafkasinks/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-kafka-storage-version-migrator - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-kafka-storage-version-migrator - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: knative-kafka-storage-version-migrator - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-kafka-storage-version-migrator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-kafka-controller-post-install - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: knative-kafka-controller-post-install - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-kafka-controller-post-install - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: kafka-controller-post-install - namespace: knative-eventing - labels: - app: kafka-controller-post-install - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: kafka-controller-post-install - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-kafka-controller-post-install - restartPolicy: OnFailure - containers: - - name: post-install - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:6a671a479dca64bdc6ce6ad43ad4225c375bb49945b4b3144ce7980b77f6a88a - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CHANNEL_GENERAL_CONFIG_MAP_NAME - value: kafka-channel-config - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: knative-kafka-storage-version-migrator - namespace: knative-eventing - labels: - app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-kafka-storage-version-migrator - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:f41053aaeb7919e064b33d49ea4a0323253fc157e9b236ac09efa5fbaf19fed9 - env: - - name: IGNORE_NOT_FOUND - value: "true" - args: - - "kafkasources.sources.knative.dev" - - "kafkachannels.messaging.knative.dev" - - "kafkasinks.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-controller-post-install - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - delete - - deletecollection - - apiGroups: - - "apps" - resources: - - statefulsets - verbs: - - get - - list - # sources.knative.dev resources and finalizers we care about. - - apiGroups: - - sources.knative.dev - resources: - - kafkasources - - kafkasources/status - verbs: - - get - - list - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - defaulting.webhook.kafka.sources.knative.dev - - defaulting.webhook.kafka.messaging.knative.dev - verbs: - - delete - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - resourceNames: - - validation.webhook.kafka.sources.knative.dev - - config.webhook.kafka.sources.knative.dev - - validation.webhook.kafka.messaging.knative.dev - verbs: - - delete - - apiGroups: - - "" - resources: - - services - resourceNames: - - kafka-source-webhook - - kafka-controller - - kafka-webhook - - kafka-ch-dispatcher - verbs: - - delete - # to be able to list channel services and patch them - - apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - apiGroups: - - apps - resources: - - deployments - resourceNames: - - kafka-controller-manager - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - - kafka-source-dispatcher - verbs: - - delete - # to be able to check readiness of the new dataplane - - apiGroups: - - apps - resources: - - deployments - resourceNames: - - kafka-channel-dispatcher - - kafka-channel-receiver - - kafka-controller - verbs: - - get - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - resourceNames: - - eventing-sources-kafka-controller - - eventing-sources-kafka-controller-addressable-resolver - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - - eventing-sources-kafka-controller-podspecable-binding - verbs: - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - resourceNames: - - eventing-sources-kafka-controller - - kafka-webhook - - kafka-ch-controller - - kafka-addressable-resolver - - kafka-channelable-manipulator - - kafka-ch-dispatcher - verbs: - - delete - - apiGroups: - - "" - resources: - - serviceaccounts - resourceNames: - - kafka-controller-manager - - kafka-webhook - - kafka-ch-controller - - kafka-ch-dispatcher - verbs: - - delete - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - kafka-source-webhook-certs - - messaging-webhook-certs - verbs: - - delete - - apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - resourceNames: - - kafka-webhook - verbs: - - delete - - apiGroups: - - "policy" - resources: - - poddisruptionbudgets - resourceNames: - - kafka-webhook - verbs: - - delete - - apiGroups: - - "coordination.k8s.io" - resources: - - leases - resourceNames: - - kafkachannel-dispatcher.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.dispatcher.reconciler.00-of-01 - verbs: - - delete - # to be able to read the old configmap and migrate - # and then delete them - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - config-leader-election-kafkachannel - - config-kafka - verbs: - - get - - delete - # to be able update config in the new configmap - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - kafka-channel-config - verbs: - - patch - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-kafka-controller-post-install - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-storage-version-migrator - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "kafkasources" - - "kafkasources/finalizers" - - "kafkasources/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "kafkachannels" - - "kafkachannels/finalizers" - - "kafkachannels/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "kafkasinks" - - "kafkasinks/finalizers" - - "kafkasinks/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-kafka-storage-version-migrator - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-kafka-storage-version-migrator - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: knative-kafka-storage-version-migrator - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-kafka-storage-version-migrator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-kafka-controller-post-install - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: knative-kafka-controller-post-install - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-kafka-controller-post-install - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: kafka-controller-post-install - namespace: knative-eventing - labels: - app: kafka-controller-post-install - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: kafka-controller-post-install - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-kafka-controller-post-install - restartPolicy: OnFailure - containers: - - name: post-install - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:6a671a479dca64bdc6ce6ad43ad4225c375bb49945b4b3144ce7980b77f6a88a - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CHANNEL_GENERAL_CONFIG_MAP_NAME - value: kafka-channel-config - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: knative-kafka-storage-version-migrator - namespace: knative-eventing - labels: - app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-kafka-storage-version-migrator - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:f41053aaeb7919e064b33d49ea4a0323253fc157e9b236ac09efa5fbaf19fed9 - env: - - name: IGNORE_NOT_FOUND - value: "true" - args: - - "kafkasources.sources.knative.dev" - - "kafkachannels.messaging.knative.dev" - - "kafkasinks.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-source.yaml b/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-source.yaml deleted file mode 100644 index 1347c62e96..0000000000 --- a/cmd/operator/kodata/eventing-source/1.10/kafka/eventing-kafka-source.yaml +++ /dev/null @@ -1,418 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kafka-source-data-plane - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - annotations: - knative.dev/example-checksum: "8157ecb1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # All configurations in this ConfigMap are globally applied to each - # resource and there is no way to change them on a per-resource basis, - # unless otherwise specified. - - # Consumer configuration are documented in https://kafka.apache.org/documentation/#consumerconfigs. - # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing - # delivery constraints, for example, `key.deserializer` and `value.deserializer`. - config-kafka-source-consumer.properties: | - key.deserializer=org.apache.kafka.common.serialization.StringDeserializer - value.deserializer=io.cloudevents.kafka.CloudEventDeserializer - fetch.min.bytes=1 - - # Available Vertx WebClientOptions are documented in - # https://vertx.io/docs/apidocs/io/vertx/ext/web/client/WebClientOptions.html. - # - # Each egress resource (KafkaSource, Trigger, Subscription) creates an HTTP client in each pod where the resource is - # scheduled, meaning that a client isn't shared across multiple resources to provide better isolation. - # - # The mapping is the following: - # for each method starting with `set` there is a property that can be set with the name that follows the `set` - # prefix starting with a lowercase letter. - # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. - config-kafka-source-webclient.properties: | - idleTimeout=10000 - config-kafka-source-producer.properties: | - key.serializer=org.apache.kafka.common.serialization.StringSerializer - value.serializer=io.cloudevents.kafka.CloudEventSerializer - acks=all - buffer.memory=33554432 - # compression.type=snappy - retries=2147483647 - batch.size=16384 - client.dns.lookup=use_all_dns_ips - connections.max.idle.ms=600000 - delivery.timeout.ms=120000 - linger.ms=0 - max.block.ms=60000 - max.request.size=1048576 - partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner - receive.buffer.bytes=-1 - request.timeout.ms=2000 - enable.idempotence=false - max.in.flight.requests.per.connection=5 - metadata.max.age.ms=300000 - # metric.reporters="" - metrics.num.samples=2 - metrics.recording.level=INFO - metrics.sample.window.ms=30000 - reconnect.backoff.max.ms=1000 - reconnect.backoff.ms=50 - retry.backoff.ms=100 - # transaction.timeout.ms=60000 - # transactional.id=null - config-kafka-source-consumer.properties: | - cloudevent.invalid.transformer.enabled=true - cloudevent.invalid.kind.plural=kafkasources - key.deserializer=org.apache.kafka.common.serialization.StringDeserializer - value.deserializer=io.cloudevents.kafka.CloudEventDeserializer - fetch.min.bytes=1 - heartbeat.interval.ms=3000 - max.partition.fetch.bytes=65536 - session.timeout.ms=10000 - # ssl.key.password= - # ssl.keystore.location= - # ssl.keystore.password= - # ssl.truststore.location= - # ssl.truststore.password= - allow.auto.create.topics=true - auto.offset.reset=earliest - client.dns.lookup=use_all_dns_ips - connections.max.idle.ms=540000 - default.api.timeout.ms=2000 - enable.auto.commit=false - exclude.internal.topics=true - fetch.max.bytes=52428800 - isolation.level=read_uncommitted - max.poll.interval.ms=300000 - max.poll.records=50 - partition.assignment.strategy=org.apache.kafka.clients.consumer.StickyAssignor - receive.buffer.bytes=65536 - request.timeout.ms=2000 - # sasl.client.callback.handler.class= - # sasl.jaas.config= - # sasl.kerberos.service.name= - # sasl.login.callback.handler.class - # sasl.login.class - # sasl.mechanism - security.protocol=PLAINTEXT - send.buffer.bytes=131072 - # ssl.enabled.protocols= - # ssl.keystore.type= - # ssl.protocol= - # ssl.provider= - auto.commit.interval.ms=5000 - check.crcs=true - # client.rack= - fetch.max.wait.ms=500 - # interceptor.classes= - metadata.max.age.ms=600000 - # metrics.reporters= - # metrics.num.samples= - # metrics.recording.level=INFO - # metrics.sample.window.ms= - reconnect.backoff.max.ms=1000 - retry.backoff.ms=100 - # sasl.kerberos.kinit.cmd= - # sasl.kerberos.min.time.before.relogin= - # sasl.kerberos.ticket.renew.jitter= - # sasl.login.refresh.buffer.seconds= - # sasl.login.refresh.min.period.seconds= - # sasl.login.refresh.window.factor - # sasl.login.refresh.window.jitter - # security.providers - # ssl.cipher.suites - # ssl.endpoint.identification.algorithm - # ssl.keymanager.algorithm - # ssl.secure.random.implementation - # ssl.trustmanager.algorithm - config-kafka-source-webclient.properties: | - idleTimeout=10000 - maxPoolSize=100 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-kafka-source-data-plane - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-kafka-source-data-plane - namespace: knative-eventing - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-kafka-source-data-plane - labels: - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" -subjects: - - kind: ServiceAccount - name: knative-kafka-source-data-plane - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-kafka-source-data-plane - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kafka-source-dispatcher - namespace: knative-eventing - labels: - app: kafka-source-dispatcher - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-source-dispatcher - app.kubernetes.io/name: knative-eventing -spec: - serviceName: kafka-source-dispatcher - podManagementPolicy: "Parallel" - selector: - matchLabels: - app: kafka-source-dispatcher - template: - metadata: - name: kafka-source-dispatcher - labels: - app: kafka-source-dispatcher - app.kubernetes.io/version: "2d6ec91159cd62213dbf54c35c9fee81eb382d7f" - app.kubernetes.io/component: kafka-channel-dispatcher - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/kind: kafka-dispatcher - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes and zones. - topologySpreadConstraints: - - maxSkew: 2 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app: kafka-source-dispatcher - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: kafka-source-dispatcher - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: knative-kafka-source-data-plane - securityContext: - runAsNonRoot: true - containers: - - name: kafka-source-dispatcher - image: gcr.io/knative-releases/knative-kafka-broker-dispatcher:v1.10.8 - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: /etc/config - name: config-kafka-source-data-plane - readOnly: true - - mountPath: /etc/contract-resources - name: contract-resources - readOnly: true - - mountPath: /tmp - name: cache - - mountPath: /etc/logging - name: kafka-config-logging - readOnly: true - - mountPath: /etc/tracing - name: config-tracing - readOnly: true - ports: - - containerPort: 9090 - name: http-metrics - protocol: TCP - env: - - name: SERVICE_NAME - value: "kafka-source-dispatcher" - - name: SERVICE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PRODUCER_CONFIG_FILE_PATH - value: /etc/config/config-kafka-source-producer.properties - - name: CONSUMER_CONFIG_FILE_PATH - value: /etc/config/config-kafka-source-consumer.properties - - name: WEBCLIENT_CONFIG_FILE_PATH - value: /etc/config/config-kafka-source-webclient.properties - - name: DATA_PLANE_CONFIG_FILE_PATH - value: /etc/contract-resources/data - - name: EGRESSES_INITIAL_CAPACITY - value: "20" - - name: INSTANCE_ID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: METRICS_PATH - value: /metrics - - name: METRICS_PORT - value: "9090" - - name: METRICS_PUBLISH_QUANTILES - value: "false" - - name: METRICS_JVM_ENABLED - value: "false" - - name: CONFIG_TRACING_PATH - value: "/etc/tracing" - # https://github.com/fabric8io/kubernetes-client/issues/2212 - - name: HTTP2_DISABLE - value: "true" - # This should be set according to initial delay seconds - - name: WAIT_STARTUP_SECONDS - value: "8" - - name: JAVA_TOOL_OPTIONS - value: "-XX:+CrashOnOutOfMemoryError -XX:InitialRAMPercentage=70.0 -XX:MinRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" - resources: - requests: - cpu: 1000m - # 600Mi for virtual replicas + 100Mi overhead - memory: 700Mi - limits: - cpu: 2000m - memory: 1000Mi - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 9090 - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - port: 9090 - path: /metrics - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePolicy: FallbackToLogsOnError - terminationMessagePath: /dev/temination-log - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - volumes: - - name: config-kafka-source-data-plane - configMap: - name: config-kafka-source-data-plane - - name: cache - emptyDir: {} - - name: kafka-config-logging - configMap: - name: kafka-config-logging - - name: config-tracing - configMap: - name: config-tracing - restartPolicy: Always - dnsConfig: - options: - - name: single-request-reopen - ---- diff --git a/cmd/operator/kodata/eventing-source/1.10/ceph/ceph.yaml b/cmd/operator/kodata/eventing-source/1.14/ceph/ceph.yaml similarity index 98% rename from cmd/operator/kodata/eventing-source/1.10/ceph/ceph.yaml rename to cmd/operator/kodata/eventing-source/1.14/ceph/ceph.yaml index ebfee6246a..a5051f6e4f 100644 --- a/cmd/operator/kodata/eventing-source/1.10/ceph/ceph.yaml +++ b/cmd/operator/kodata/eventing-source/1.14/ceph/ceph.yaml @@ -464,7 +464,7 @@ spec: containers: - name: controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:ce86622bae8742e8b8aaeffc592dbc6b4c93ac9b42b6c82907916d6d82a6c2ff + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:f0a79b287d0188911b00a9a3708662b36d03a657b714ec6ffa0b777e75bf5aee resources: requests: cpu: 100m @@ -481,7 +481,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: CEPH_SOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:0bd128cd0c43cf2bb675380716ce37cc6247e8db05b5fa8159760bf000f962e1 + value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:a3352b4183aedad4d7cbe27584568bf003c35be72ce4ed21ef6d15f4a109da9f - name: POD_NAME valueFrom: fieldRef: @@ -620,7 +620,7 @@ spec: containers: - name: cephsource-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:ebd52df0cf685ced6f49831f7c6ab90e01550b88045719f41e28aa670d5ee1b1 + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:c440287ba79af6c4a64bd652a552615d2c0d2e61bcebbb36bd344bf3c6fcd7e1 env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.10/github/github.yaml b/cmd/operator/kodata/eventing-source/1.14/github/github.yaml similarity index 96% rename from cmd/operator/kodata/eventing-source/1.10/github/github.yaml rename to cmd/operator/kodata/eventing-source/1.14/github/github.yaml index 4279138a5a..6860d8c832 100644 --- a/cmd/operator/kodata/eventing-source/1.10/github/github.yaml +++ b/cmd/operator/kodata/eventing-source/1.14/github/github.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2019 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2019 The Knative Authors @@ -63,7 +63,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2019 The Knative Authors @@ -85,7 +85,7 @@ kind: ClusterRole metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" rules: # Sources admin - apiGroups: @@ -204,7 +204,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: github-controller-manager @@ -236,7 +236,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: github-controller-manager @@ -266,7 +266,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-podspecable-binding labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: github-webhook @@ -296,7 +296,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-webhook labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: github-webhook @@ -326,7 +326,7 @@ kind: ClusterRole metadata: name: github-webhook labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" rules: # Sources admin - apiGroups: @@ -473,7 +473,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" name: githubbindings.bindings.knative.dev @@ -526,7 +526,7 @@ kind: CustomResourceDefinition metadata: name: githubsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -731,6 +731,9 @@ spec: oneOf: - required: [ref] - required: [uri] + secure: + type: boolean + description: Secure can be set to true to configure the webhook to use https, or false to use http. Omitting it relies on the scheme of the Knative Service created. required: - ownerAndRepository - eventTypes @@ -788,7 +791,7 @@ metadata: name: github-controller namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" control-plane: github-controller-manager spec: selector: @@ -818,7 +821,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" control-plane: github-controller-manager spec: selector: @@ -831,7 +834,7 @@ spec: spec: serviceAccountName: github-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:bdcffe3176b1803c9ef3f5db00d50d8b6409dda985e82bca36ef5b922ab0ef5b + - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:b22f289e9ac18915ac958e50c7ecba1cdebae68156d271e2bae77e7c33e31178 name: manager env: - name: SYSTEM_NAMESPACE @@ -847,7 +850,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GH_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:11714443a7a4936a94035d05c62762bb9f2d8ec3dbfb0101f10d11aa88197b11 + value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:a8ddbcfa7e3ce5d518c4eaa63773c4df99f927704548d550123f2006793ff8b0 resources: requests: cpu: 100m @@ -877,7 +880,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: - v1beta1 @@ -894,7 +897,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: - v1beta1 @@ -929,7 +932,7 @@ metadata: name: github-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" # The data is populated at install time. --- @@ -953,7 +956,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" spec: replicas: 1 selector: @@ -970,7 +973,7 @@ spec: containers: - name: github-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:1471dd0a0ae1bbf9b4be9cc10995044b7cecfc648171bccf8d4c4fef2cd1f5d3 + image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:c424131ae6cf675b1a1ee2a874aa43b8f60054059d0793fb021945ecf1c7105a env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1034,7 +1037,7 @@ metadata: name: config-leader-election-github namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/eventing-source/1.10/gitlab/gitlab.yaml b/cmd/operator/kodata/eventing-source/1.14/gitlab/gitlab.yaml similarity index 95% rename from cmd/operator/kodata/eventing-source/1.10/gitlab/gitlab.yaml rename to cmd/operator/kodata/eventing-source/1.14/gitlab/gitlab.yaml index 2081b69412..e44a7a0ed4 100644 --- a/cmd/operator/kodata/eventing-source/1.10/gitlab/gitlab.yaml +++ b/cmd/operator/kodata/eventing-source/1.14/gitlab/gitlab.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: gitlab-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- apiVersion: v1 kind: ServiceAccount @@ -48,7 +48,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2020 The Knative Authors @@ -70,7 +70,7 @@ kind: ClusterRole metadata: name: gitlabsource-manager-role labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" rules: - apiGroups: - sources.knative.dev @@ -143,7 +143,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-contrib-gitlab-source-observer labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" duck.knative.dev/source: "true" rules: - apiGroups: @@ -175,7 +175,7 @@ kind: ClusterRoleBinding metadata: name: gitlabsource-manager-rolebinding labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -190,7 +190,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: gitlab-controller-manager @@ -207,7 +207,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: gitlab-webhook @@ -237,7 +237,7 @@ kind: ClusterRole metadata: name: gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" rules: # Sources admin - apiGroups: @@ -387,7 +387,7 @@ kind: CustomResourceDefinition metadata: name: gitlabbindings.bindings.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" spec: @@ -514,7 +514,7 @@ kind: CustomResourceDefinition metadata: name: gitlabsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -760,7 +760,7 @@ apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" control-plane: gitlab-controller-manager name: gitlab-controller-manager-service namespace: knative-sources @@ -776,7 +776,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" control-plane: gitlab-controller-manager name: gitlab-controller-manager namespace: knative-sources @@ -804,12 +804,12 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GL_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:775bb540a4848f630fd3838781fb793a71988b3ae9a06f9c71889a41564c81d0 + value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:666bc054e0e4ec270dee3c747fe03703811f13bb982af6948306cdbba23fe9fe - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:364277589f01a6c026edf433adbe69d8bc9a3e33ade2643d39a8c1b25c8bfd32 + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:13c55f2106a5976702384dc043d6e5225fadcc7a93d03e6eb99c575f19bc9fbd resources: limits: cpu: 100m @@ -839,7 +839,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: - v1beta1 @@ -856,7 +856,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: - v1beta1 @@ -873,7 +873,7 @@ kind: MutatingWebhookConfiguration metadata: name: gitlabbindings.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: - v1beta1 @@ -906,14 +906,14 @@ metadata: name: gitlab-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" # The data is populated at install time. --- apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" role: webhook name: gitlab-webhook namespace: knative-sources @@ -931,7 +931,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" spec: replicas: 1 selector: @@ -946,7 +946,7 @@ spec: containers: - name: gitlab-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:da7c41f4c68a2c665cbcfe9f1c06d4494680f2643b4c4c372091ba5fea2d4b6d + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:95a32b2159ad25f50f8da5c7e07a891cc4e8fe205370186d23d8bfac28d9e3cd env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.10/rabbitmq/rabbitmq-source.yaml b/cmd/operator/kodata/eventing-source/1.14/rabbitmq/rabbitmq-source.yaml similarity index 96% rename from cmd/operator/kodata/eventing-source/1.10/rabbitmq/rabbitmq-source.yaml rename to cmd/operator/kodata/eventing-source/1.14/rabbitmq/rabbitmq-source.yaml index dcabbdb33e..ae5002297f 100644 --- a/cmd/operator/kodata/eventing-source/1.10/rabbitmq/rabbitmq-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.14/rabbitmq/rabbitmq-source.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" secrets: - name: rabbitmq-source-key --- @@ -73,7 +73,7 @@ kind: ClusterRole metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -157,7 +157,7 @@ kind: ClusterRole metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" rules: - apiGroups: - sources.knative.dev @@ -270,14 +270,14 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: rabbitmq-webhook @@ -307,7 +307,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -322,7 +322,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller-addressable-resolver labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -552,7 +552,7 @@ metadata: name: rabbitmq-controller namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" control-plane: rabbitmq-controller-manager spec: selector: @@ -577,13 +577,20 @@ spec: # limitations under the License. apiVersion: v1 -kind: Secret +kind: Service metadata: - name: rabbitmq-webhook-certs - namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" -# The data is populated at install time. + rabbitmq.eventing.knative.dev/release: "v1.14.0" + role: rabbitmq-source-webhook + name: rabbitmq-source-webhook + namespace: knative-sources +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: rabbitmq-source-webhook --- # Copyright 2020 The Knative Authors @@ -606,7 +613,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" control-plane: rabbitmq-controller-manager spec: replicas: 1 @@ -620,7 +627,7 @@ spec: serviceAccountName: rabbitmq-controller-manager containers: - name: manager - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:c763f13a2d143586be2c2cb1520aa9431989d5259de9666883a8013ec7a46472 + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:d17a1218948cbd6376484cabb12474c6e6892522a50db42784213a6d956ce9f0 imagePullPolicy: IfNotPresent env: - name: SYSTEM_NAMESPACE @@ -632,7 +639,7 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: RABBITMQ_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:8abf17087a2b65a27412d4b9eb9c1cf9a475306c6f6e04893fba3c2b179cec79 + value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:ba31b9f37aaab81ffe7de0d6e7ebb76dd21de7448164081140709ae346836a5f securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -668,7 +675,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -704,7 +711,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -736,7 +743,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -769,7 +776,7 @@ metadata: name: rabbitmq-webhook-certs namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" # The data is populated at install time. --- @@ -792,7 +799,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -825,7 +832,7 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" spec: replicas: 1 selector: @@ -853,7 +860,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:9eb6c6a7a7caad78c59a0e582997c9d92c922bcaee151e77882ee56dd1b4f791 + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:b7545ddc8a6cc14a29a99c13168494812c33cee01167912e24e0c0db3e37eec9 resources: requests: # taken from serving. @@ -909,7 +916,7 @@ apiVersion: v1 kind: Service metadata: labels: - rabbitmq.eventing.knative.dev/release: "v1.10.3" + rabbitmq.eventing.knative.dev/release: "v1.14.0" role: rabbitmq-webhook name: rabbitmq-webhook namespace: knative-sources diff --git a/cmd/operator/kodata/eventing-source/1.10/redis/redis-source.yaml b/cmd/operator/kodata/eventing-source/1.14/redis/redis-source.yaml similarity index 99% rename from cmd/operator/kodata/eventing-source/1.10/redis/redis-source.yaml rename to cmd/operator/kodata/eventing-source/1.14/redis/redis-source.yaml index 56a29beece..e361e8bdad 100644 --- a/cmd/operator/kodata/eventing-source/1.10/redis/redis-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.14/redis/redis-source.yaml @@ -201,7 +201,7 @@ kind: ClusterRole metadata: name: redis-webhook labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -656,7 +656,7 @@ metadata: name: redis-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" control-plane: redis-controller-manager spec: selector: @@ -669,7 +669,7 @@ spec: spec: serviceAccountName: redis-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:8521c7bbf2ff7f660d63d400699f98cf5cab5f5d847db8a43096ded1c83dc252 + - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:c024fe9e69c37e488a52c9bf2b914ae4cff76823f2271b59be598bbed6ffcf42 name: manager env: - name: SYSTEM_NAMESPACE @@ -685,7 +685,7 @@ spec: - name: CONFIG_LEADERELECTION_NAME value: config-leader-election-redis - name: STREAMSOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:230b881bb6965bd22a106db8a2f0b0a1d633ff110db62e9aa01d41ea87b8a91c + value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:0768d6061a74240f9dd2a6e6364ba5d31d1321a65d89e98e5de28dc26ebb6bbb - name: CONFIG_REDIS_NUMCONSUMERS value: config-redis - name: SECRET_TLS_TLSCERTIFICATE @@ -713,7 +713,7 @@ metadata: name: config-leader-election-redis namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.10.2" + contrib.eventing.knative.dev/release: "v1.14.0" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/ingress/1.10/contour/net-contour.yaml b/cmd/operator/kodata/ingress/1.14/contour/net-contour.yaml similarity index 87% rename from cmd/operator/kodata/ingress/1.10/contour/net-contour.yaml rename to cmd/operator/kodata/ingress/1.14/contour/net-contour.yaml index 2f242a429d..8c75544cfb 100644 --- a/cmd/operator/kodata/ingress/1.10/contour/net-contour.yaml +++ b/cmd/operator/kodata/ingress/1.14/contour/net-contour.yaml @@ -8,7 +8,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" serving.knative.dev/controller: "true" rules: - apiGroups: ["projectcontour.io"] @@ -38,7 +38,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" data: _example: | ################################ @@ -71,6 +71,22 @@ data: ClusterLocal: class: contour-internal service: contour-internal/envoy + # cors-policy contains the configuration to set CORS policy for HTTPProxies. + cors-policy: | + allowCredentials: true + allowOrigin: + - example.com + allowMethods: + - GET + - POST + - OPTIONS + allowHeaders: + - authorization + - cache-control + exposeHeaders: + - Content-Length + - Content-Range + maxAge: "10m" # Copyright 2020 The Knative Authors # @@ -95,7 +111,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" spec: replicas: 1 selector: @@ -107,14 +123,14 @@ spec: app: net-contour-controller app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:b611e5bd402e78c803cfb14fb8e9291b8b0f236a456f7143f970a1c0b1e2d112 + image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:e25cf3d9a29e487db94b6448a5a4bbb2f1e506c9c20c7db5584ba6bc153a3c73 resources: requests: cpu: 40m @@ -145,6 +161,8 @@ spec: capabilities: drop: - ALL + seccompProfile: + type: RuntimeDefault --- #! Used when internal-encryption is set to "true" apiVersion: projectcontour.io/v1 @@ -156,7 +174,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" spec: delegations: - secretName: knative-serving-certs diff --git a/cmd/operator/kodata/ingress/1.10/istio/net-istio.yaml b/cmd/operator/kodata/ingress/1.14/istio/net-istio.yaml similarity index 76% rename from cmd/operator/kodata/ingress/1.10/istio/net-istio.yaml rename to cmd/operator/kodata/ingress/1.14/istio/net-istio.yaml index 07f8a9e5b0..d587bf0537 100644 --- a/cmd/operator/kodata/ingress/1.10/istio/net-istio.yaml +++ b/cmd/operator/kodata/ingress/1.14/istio/net-istio.yaml @@ -1,4 +1,4 @@ -# Generated when HEAD was fcad131a760ca88ec0f0771d3a2d7b31050e142a +# Generated when HEAD was f4c55622bff770315d0c7f29a34d8ae1504af4b3 # # Copyright 2019 The Knative Authors # @@ -22,7 +22,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: @@ -54,7 +54,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -93,7 +93,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -114,7 +114,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio experimental.istio.io/disable-gateway-port-translation: "true" spec: @@ -125,6 +125,9 @@ spec: - name: http2 port: 80 targetPort: 8081 + - name: https + port: 443 + targetPort: 8444 --- # Copyright 2018 The Knative Authors @@ -149,7 +152,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio data: # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. @@ -169,34 +172,85 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # A gateway and Istio service to serve external traffic. - # The configuration format should be - # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. - # The {{gateway_namespace}} is optional; when it is omitted, the system will search for - # the gateway in the serving system namespace `knative-serving` + + # external-gateways defines a gateway and Istio service to serve external traffic. + # It is the new and preferred way to define the configuration. + # The format is as follow: + # ``` + # external-gateways: | + # - name: {{gateway_name}} + # namespace: {{gateway_namespace}} + # service: {{ingress_name}}.{{ingress_namespace}}.svc.cluster.local + # labelSelector: + # matchExpressions: + # - key: {{label_key}} + # operator: {{operator}} + # values: [{{label_value}}] + # matchLabels: + # {{label_key}}: {{label_value}} + # ``` + # name, namespace & service are mandatory and can't be empty. labelSelector is optional. + # If labelSelector is specified, the external gateway will be used by the knative service with matching labels. + # See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details about labelSelector. + # Only one external gateway can be specified without a selector. It will act as the default external gateway. + external-gateways: | + - name: knative-ingress-gateway + namespace: knative-serving + service: istio-ingressgateway.istio-system.svc.cluster.local + # + # + # The old format has the following pattern: + # ``` + # gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local" + # ``` + # Please use the new configuration format `external-gateways` for future compatibility. + # This configuration will raise an error if either `external-gateways` or `local-gateways` is defined. gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" - # A cluster local gateway to allow pods outside of the mesh to access - # Services and Routes not exposing through an ingress. If the users + + # local-gateways defines a cluster local gateway to allow pods outside of the mesh to access + # Services and Routes not exposing through an ingress. If the users # do have a service mesh setup, this isn't required and can be removed. # # An example use case is when users want to use Istio without any - # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod - # is outside of the service mesh in that case, a cluster-local service + # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod + # is outside of the service mesh in that case, a cluster-local service # will need to be exposed to a cluster-local gateway to be accessible. - # The configuration format should be `local-gateway.{{local_gateway_namespace}}. - # {{local_gateway_name}}: "{{cluster_local_gateway_name}}. - # {{cluster_local_gateway_namespace}}.svc.cluster.local"`. The - # {{local_gateway_namespace}} is optional; when it is omitted, the system - # will search for the local gateway in the serving system namespace - # `knative-serving` + # + # It is the new and preferred way to define the configuration. + # The format is as follow: + # ``` + # local-gateways: | + # - name: {{local_gateway_name}} + # namespace: {{local_gateway_namespace}} + # service: {{cluster_local_gateway_name}}.{{cluster_local_gateway_namespace}}.svc.cluster.local + # labelSelector: + # matchExpressions: + # - key: {{label_key}} + # operator: {{operator}} + # values: [{{label_value}}] + # matchLabels: + # {{label_key}}: {{label_value}} + # ``` + # name, namespace & service are mandatory and can't be empty. labelSelector is optional. + # If labelSelector is specified, the local gateway will be used by the knative service with matching labels. + # See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details about labelSelector. + # Only one local gateway can be specified without a selector. It will act as the default local gateway. + local-gateways: | + - name: knative-local-gateway + namespace: knative-serving + service: knative-local-gateway.istio-system.svc.cluster.local + # + # + # The old format has the following pattern: + # ``` + # local-gateway.{{local_gateway_namespace}}.{{local_gateway_name}}: + # "{{cluster_local_gateway_name}}.{{cluster_local_gateway_namespace}}.svc.cluster.local" + # ``` + # Please use the new configuration format `local-gateways` for future compatibility. + # This configuration will raise an error if either `external-gateways` or `local-gateways` is defined. local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" - # If true, knative will use the Istio VirtualService's status to determine - # endpoint readiness. Otherwise, probe as usual. - # NOTE: This feature is currently experimental and should not be used in production. - enable-virtualservice-status: "false" - --- # Allows the Webhooks to be reached by kube-api with or without # sidecar injection and with mTLS PERMISSIVE and STRICT. @@ -208,7 +262,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -220,31 +274,13 @@ spec: --- apiVersion: "security.istio.io/v1beta1" kind: "PeerAuthentication" -metadata: - name: "domainmapping-webhook" - namespace: "knative-serving" - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: domainmapping-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" metadata: name: "net-istio-webhook" namespace: "knative-serving" labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -277,7 +313,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -294,14 +330,14 @@ spec: app: net-istio-controller app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:895fb30f09113626e925475ef3e9b8eb3fd9e17d59317f275848b653138f57b8 + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:1bb1e3c0b59ac0983fed894840bd5fa73fcee3ea62245d43e7ebb448ff317695 resources: requests: cpu: 30m @@ -380,7 +416,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -394,14 +430,14 @@ spec: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:474640e0b77b55aaff5d12b5754dc95c583956cf42658a9c657e2a567fc613cd + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:7c793875d9598752f3f76fd14d1ff1253926a2d09b287d659ace4b2f87f57e21 resources: requests: cpu: 20m @@ -440,18 +476,12 @@ spec: httpGet: scheme: HTTPS port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" failureThreshold: 3 livenessProbe: periodSeconds: 1 httpGet: scheme: HTTPS port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" failureThreshold: 6 initialDelaySeconds: 20 ports: @@ -485,7 +515,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio --- @@ -512,7 +542,7 @@ metadata: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio spec: ports: @@ -551,7 +581,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: @@ -590,7 +620,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: @@ -609,3 +639,34 @@ webhooks: app.kubernetes.io/component: net-istio --- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.internal.knative.dev/v1alpha1 +kind: Certificate +metadata: + annotations: + networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev + labels: + networking.knative.dev/certificate-type: system-internal + knative.dev/install-knative-certificate: "true" + name: routing-serving-certs + namespace: istio-system +spec: + dnsNames: + - kn-routing + secretName: routing-serving-certs +# The data is populated when system-internal-tls is enabled. + +--- diff --git a/cmd/operator/kodata/ingress/1.10/kourier/kourier.yaml b/cmd/operator/kodata/ingress/1.14/kourier/kourier.yaml similarity index 92% rename from cmd/operator/kodata/ingress/1.10/kourier/kourier.yaml rename to cmd/operator/kodata/ingress/1.14/kourier/kourier.yaml index 9670a90c45..d5dcbfda76 100644 --- a/cmd/operator/kodata/ingress/1.10/kourier/kourier.yaml +++ b/cmd/operator/kodata/ingress/1.14/kourier/kourier.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" --- # Copyright 2020 The Knative Authors @@ -45,7 +45,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving data: envoy-bootstrap.yaml: | @@ -90,11 +90,11 @@ data: routes: - match: safe_regex: - google_re2: {} regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?' headers: - name: ':method' - exact_match: GET + string_match: + exact: GET route: cluster: service_stats clusters: @@ -139,11 +139,6 @@ data: address: pipe: path: /tmp/envoy.admin - layered_runtime: - layers: - - name: static-layer - static_layer: - envoy.reloadable_features.override_request_timeout_by_gateway_timeout: false --- # Copyright 2021 The Knative Authors @@ -168,7 +163,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving data: _example: | @@ -211,17 +206,6 @@ data: # The default, 0s, imposes no timeout at all. stream-idle-timeout: "0s" - # Control the desired level of incoming traffic isolation. - # - # When set to an empty value (default), all incoming traffic flows through - # a shared ingress and listeners. - # - # When set to "port", incoming traffic is isolated by using different - # listener ports. - # - # NOTE: This flag is in an alpha state. - traffic-isolation: "" - # Specifies whether to use CryptoMB private key provider in order to # acclerate the TLS handshake. # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE. @@ -259,7 +243,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving --- apiVersion: rbac.authorization.k8s.io/v1 @@ -269,7 +253,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -281,9 +265,6 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] @@ -301,7 +282,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +316,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: strategy: @@ -357,7 +338,7 @@ spec: app: net-kourier-controller spec: containers: - - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:05b81f0e5fa149acca2888dce6c14a9d74e33adae566736bf21b57a1b0d9ae87 + - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:292732ad5c94d1bf8ad7214d7cb3e260d091b04ae5377611279a346b8002a47f name: controller env: - name: CERTS_SECRET_NAMESPACE @@ -374,18 +355,25 @@ spec: value: "kourier-system" - name: ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID value: "false" + # KUBE_API_BURST and KUBE_API_QPS allows to configure maximum burst for throttle and maximum QPS to the server from the client. + # Setting these values using env vars is possible since https://github.com/knative/pkg/pull/2755. + # 200 is an arbitrary value, but it speeds up kourier startup duration, and the whole ingress reconciliation process as a whole. + - name: KUBE_API_BURST + value: "200" + - name: KUBE_API_QPS + value: "200" ports: - name: http2-xds containerPort: 18000 protocol: TCP readinessProbe: - exec: - command: ["/ko-app/kourier", "-probe-addr=:18000"] + grpc: + port: 18000 periodSeconds: 10 failureThreshold: 3 livenessProbe: - exec: - command: ["/ko-app/kourier", "-probe-addr=:18000"] + grpc: + port: 18000 periodSeconds: 10 failureThreshold: 6 securityContext: @@ -402,7 +390,7 @@ spec: cpu: 200m memory: 200Mi limits: - cpu: 500m + cpu: "1" memory: 500Mi restartPolicy: Always serviceAccountName: net-kourier @@ -415,7 +403,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: ports: @@ -450,7 +438,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: strategy: @@ -480,7 +468,7 @@ spec: - --log-level info command: - /usr/local/bin/envoy - image: docker.io/envoyproxy/envoy:v1.23-latest + image: docker.io/envoyproxy/envoy:v1.26-latest name: kourier-gateway ports: - name: http2-external @@ -543,8 +531,8 @@ spec: cpu: 200m memory: 200Mi limits: - cpu: 500m - memory: 500Mi + cpu: "1" + memory: 800Mi volumes: - name: config-volume configMap: @@ -559,7 +547,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: ports: @@ -583,7 +571,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: ports: @@ -607,7 +595,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: minReplicas: 1 @@ -633,7 +621,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: minAvailable: 80% diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.10.0/1-eventing-crds.yaml deleted file mode 100644 index 3df099d081..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.0/1-eventing-crds.yaml +++ /dev/null @@ -1,2319 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.10.0/2-eventing-core.yaml deleted file mode 100644 index 0a78982b5c..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.0/2-eventing-core.yaml +++ /dev/null @@ -1,4606 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-source-observer - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: source-observer - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-sources-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-sources-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-manipulator - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: channelable-manipulator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: pingsource-mt-adapter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-pingsource-mt-adapter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: Role - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: podspecable-binding - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-default-channel - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - channel-template-spec: | - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. - default-br-config: | - clusterDefault: - brokerClass: MTChannelBasedBroker - apiVersion: v1 - kind: ConfigMap - name: config-br-default-channel - namespace: knative-eventing - delivery: - retry: 10 - backoffPolicy: exponential - backoffDelay: PT0.2S - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-ch-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - # Configuration for defaulting channels that do not specify CRD implementations. - default-ch-config: | - clusterDefault: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - namespaceDefaults: - some-namespace: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-ping-defaults - namespace: knative-eventing - labels: - annotations: - knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Max number of bytes allowed to be sent for message excluding any - # base64 decoding. Default is no limit set for data - data-max-size: -1 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 - kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 - delivery-retryafter: "disabled" - # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 - delivery-timeout: "enabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 - kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" - # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. - # For more details: https://github.com/knative/eventing/issues/5957 - transport-encryption: "disabled" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kreference-mapping - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "7375dbe1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - - # this is an example of mapping from pod to addressable-pod service - # the data key must be of the form "kind.version.group" - # the data value must be a valid URL. Valid template data are: - # - Name: reference name - # - Namespace: reference namespace - # - SystemNamespace: knative namespace - # - UID: reference UID - # - # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f7948630" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "15s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "10s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - # For all components changes are be picked up immediately. - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-sugar - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "62dfac6f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # namespace-selector specifies a LabelSelector which - # determines which namespaces the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - namespace-selector: "" - - # Use an empty object as a string to enable for all namespaces - namespace-selector: "{}" - - # trigger-selector specifies a LabelSelector which - # determines which triggers the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - trigger-selector: "" - - # Use an empty object as string to enable for all triggers - trigger-selector: "{}" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: eventing-controller - template: - metadata: - labels: - app: eventing-controller - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: eventing-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:6933f880323cad511ba3ce9510f51cab19fbcd35601279f7a039937e63cf86a6 - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - # APIServerSource - - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:aeaba55fd37cfe8a3cd31eb384987bcc982ef7d51f68da8ebafa0f0459dfaab5 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. - replicas: 0 - selector: - matchLabels: &labels - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:3ac93279982701aa4a550421942d096c806fe7df61755f01b930284232b0a541 - env: - - name: SYSTEM_NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - - name: K_METRICS_CONFIG - value: '' - - name: K_LOGGING_CONFIG - value: '' - - name: K_LEADER_ELECTION_CONFIG - value: '' - - name: K_NO_SHUTDOWN_AFTER - value: '' - - name: K_SINK_TIMEOUT - value: '-1' - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - protocol: TCP - resources: - requests: - cpu: 125m - memory: 64Mi - limits: - cpu: 1000m - memory: 2048Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - serviceAccountName: pingsource-mt-adapter - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: eventing-webhook - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - minAvailable: 80% - selector: - matchLabels: - app: eventing-webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - app: eventing-webhook - role: eventing-webhook - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-webhook - enableServiceLinks: false - containers: - - name: eventing-webhook - terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:5503ed32305b2d34989fbe310ae107e8616adebc29031cb602748be0d4a61a86 - resources: - requests: - # taken from serving. - cpu: 100m - memory: 50Mi - limits: - # taken from serving. - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: eventing-webhook - - name: WEBHOOK_PORT - value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - - name: SINK_BINDING_SELECTION_MODE - value: "exclusion" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: eventing-webhook - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: eventing-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: eventing-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: addressable-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: service-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: serving-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: channel-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - channels/finalizers - verbs: - - update ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: broker-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - - brokers/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flows-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - flows.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-filter - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "triggers" - - "triggers/status" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-ingress - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-config-reader - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: channelable-manipulator - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: meta-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-messaging-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["messaging.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-flows-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["flows.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-sources-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["sources.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-bindings-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["bindings.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "namespaces" - - "secrets" - - "configmaps" - - "services" - - "endpoints" - - "events" - - "serviceaccounts" - - "pods" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # PingSource controller manipulates Deployment owner reference - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - verbs: *everything - # Our own resources and statuses we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "eventtypes" - - "eventtypes/status" - verbs: *everything - # Eventing resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - verbs: - - "update" - # Our own resources and statuses we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "channels" - - "channels/status" - - "parallels" - - "parallels/status" - - "subscriptions" - - "subscriptions/status" - verbs: *everything - # Flow resources and statuses we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "parallels" - - "parallels/status" - verbs: *everything - # Messaging resources and finalizers we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - - "channels/finalizers" - verbs: - - "update" - # Flows resources and finalizers we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - verbs: - - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "get" - - "list" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - sources.knative.dev - resources: - - pingsources - - pingsources/status - verbs: - - get - - list - - watch - - patch - - apiGroups: - - sources.knative.dev - resources: - - pingsources/finalizers - verbs: - - "patch" - - apiGroups: - - "" - resources: - - events - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: podspecable-binding - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: builtin-podspecable-binding - labels: - duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. -rules: - # To patch the subjects of our bindings - - apiGroups: - - "apps" - resources: - - "deployments" - - "daemonsets" - - "statefulsets" - - "replicasets" - verbs: - - "list" - - "watch" - - "patch" - - apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "watch" - - "patch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: source-observer - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-sources-source-observer - labels: - duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. -rules: - - apiGroups: - - sources.knative.dev - resources: - - apiserversources - - pingsources - - sinkbindings - - containersources - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-sources-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "secrets" - - "configmaps" - - "services" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Deployments admin - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # Source resources and statuses we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - - "apiserversources" - - "apiserversources/status" - - "apiserversources/finalizers" - - "pingsources" - - "pingsources/status" - - "pingsources/finalizers" - - "containersources" - - "containersources/status" - - "containersources/finalizers" - verbs: *everything - # Knative Services admin - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: *everything - # EventTypes admin - - apiGroups: - - eventing.knative.dev - resources: - - eventtypes - verbs: *everything - # Events admin - - apiGroups: - - "" - resources: - - events - verbs: *everything - # Authorization checker - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For running the SinkBinding reconciler. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - verbs: *everything - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # For creating events - - apiGroups: - - "" - - "events.k8s.io" - resources: - - "events" - verbs: - - "get" - - "list" - - "create" - - "patch" - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Ignore - name: config.webhook.eventing.knative.dev - namespaceSelector: - matchExpressions: - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: eventing-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: sinkbindings.webhook.sources.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - failurePolicy: Fail - sideEffects: None - name: sinkbindings.webhook.sources.knative.dev - timeoutSeconds: 10 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.0/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.0/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.10.0/4-in-memory-channel.yaml deleted file mode 100644 index ae608a3ef3..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.0/4-in-memory-channel.yaml +++ /dev/null @@ -1,1193 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: Role - name: knative-inmemorychannel-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-dispatcher - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-dispatcher - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:efbbfe4b723603c05cfadd135a52b75a2b3590769e83edcc6b6421b82b7f23c0 - env: - - name: WEBHOOK_NAME - value: inmemorychannel-webhook - - name: WEBHOOK_PORT - value: "8443" - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:619fe076339f63a015b51ef77644c60e9131fe4706ccaec6b078153ab33d235a - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: inmemorychannel-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9090 - targetPort: 9090 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:619fe076339f63a015b51ef77644c60e9131fe4706ccaec6b078153ab33d235a - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inmemorychannels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'InMemoryChannel is a resource representing an in memory channel' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: InMemoryChannel - plural: inmemorychannels - singular: inmemorychannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - imc - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: &everything - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: *everything - - apiGroups: - - apps - resources: - - deployments - verbs: *everything - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: *everything - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" # Core API group. - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-inmemorychannel-webhook - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: inmemorychannel-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.10.0/5-mt-channel-broker.yaml deleted file mode 100644 index 5e0b7e255d..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.0/5-mt-channel-broker.yaml +++ /dev/null @@ -1,657 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - # Configs resources and status we care about. - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - triggers - - triggers/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-channel-broker-controller - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-filter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-filter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-ingress - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-ingress - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: filter - template: - metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-filter - enableServiceLinks: false - containers: - - name: filter - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:16782b39892d6b65d8a1df5ab2a2eab6a3c32023c420fbcdbd69e246d126c48b - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: filter - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: FILTER_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: broker-filter - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: filter - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: ingress - template: - metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-ingress - enableServiceLinks: false - containers: - - name: ingress - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:339b84cf4f86fb4cc62920d6840ed650e8932a28283828e644c96c0765ff0c18 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: ingress - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: INGRESS_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - name: broker-ingress - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: ingress - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-controller - namespace: knative-eventing - labels: - app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: mt-broker-controller - template: - metadata: - labels: - app: mt-broker-controller - app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: mt-broker-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: mt-broker-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:ebc1df57853d77bd0285e6a0f4462dbf1c3590a08cb89c98e8294229866586a6 - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-ingress-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-ingress - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-filter-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-filter - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.10.1/1-eventing-crds.yaml deleted file mode 100644 index 50933c7fc6..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.1/1-eventing-crds.yaml +++ /dev/null @@ -1,2319 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.10.1/2-eventing-core.yaml deleted file mode 100644 index f329ed8f72..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.1/2-eventing-core.yaml +++ /dev/null @@ -1,4606 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-source-observer - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: source-observer - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-sources-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-sources-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-manipulator - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: channelable-manipulator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: pingsource-mt-adapter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-pingsource-mt-adapter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: Role - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: podspecable-binding - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-default-channel - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - channel-template-spec: | - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. - default-br-config: | - clusterDefault: - brokerClass: MTChannelBasedBroker - apiVersion: v1 - kind: ConfigMap - name: config-br-default-channel - namespace: knative-eventing - delivery: - retry: 10 - backoffPolicy: exponential - backoffDelay: PT0.2S - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-ch-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - # Configuration for defaulting channels that do not specify CRD implementations. - default-ch-config: | - clusterDefault: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - namespaceDefaults: - some-namespace: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-ping-defaults - namespace: knative-eventing - labels: - annotations: - knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Max number of bytes allowed to be sent for message excluding any - # base64 decoding. Default is no limit set for data - data-max-size: -1 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 - kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 - delivery-retryafter: "disabled" - # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 - delivery-timeout: "enabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 - kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" - # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. - # For more details: https://github.com/knative/eventing/issues/5957 - transport-encryption: "disabled" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kreference-mapping - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "7375dbe1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - - # this is an example of mapping from pod to addressable-pod service - # the data key must be of the form "kind.version.group" - # the data value must be a valid URL. Valid template data are: - # - Name: reference name - # - Namespace: reference namespace - # - SystemNamespace: knative namespace - # - UID: reference UID - # - # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f7948630" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "15s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "10s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - # For all components changes are be picked up immediately. - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-sugar - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "62dfac6f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # namespace-selector specifies a LabelSelector which - # determines which namespaces the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - namespace-selector: "" - - # Use an empty object as a string to enable for all namespaces - namespace-selector: "{}" - - # trigger-selector specifies a LabelSelector which - # determines which triggers the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - trigger-selector: "" - - # Use an empty object as string to enable for all triggers - trigger-selector: "{}" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: eventing-controller - template: - metadata: - labels: - app: eventing-controller - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: eventing-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:92967bab4ad8f7d55ce3a77ba8868f3f2ce173c010958c28b9a690964ad6ee9b - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - # APIServerSource - - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:828db8155996e40c13b77c1d039dba98153dcfcbe272248e92866bd7b6d6a17d - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. - replicas: 0 - selector: - matchLabels: &labels - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:6d35cc98baa098fc0c5b4290859e363a8350a9dadc31d1191b0b5c9796958223 - env: - - name: SYSTEM_NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - - name: K_METRICS_CONFIG - value: '' - - name: K_LOGGING_CONFIG - value: '' - - name: K_LEADER_ELECTION_CONFIG - value: '' - - name: K_NO_SHUTDOWN_AFTER - value: '' - - name: K_SINK_TIMEOUT - value: '-1' - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - protocol: TCP - resources: - requests: - cpu: 125m - memory: 64Mi - limits: - cpu: 1000m - memory: 2048Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - serviceAccountName: pingsource-mt-adapter - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: eventing-webhook - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - minAvailable: 80% - selector: - matchLabels: - app: eventing-webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - app: eventing-webhook - role: eventing-webhook - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-webhook - enableServiceLinks: false - containers: - - name: eventing-webhook - terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:ebf93652f0254ac56600bedf4a7d81611b3e1e7f6526c6998da5dd24cdc67ee1 - resources: - requests: - # taken from serving. - cpu: 100m - memory: 50Mi - limits: - # taken from serving. - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: eventing-webhook - - name: WEBHOOK_PORT - value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - - name: SINK_BINDING_SELECTION_MODE - value: "exclusion" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: eventing-webhook - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: eventing-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: eventing-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: addressable-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: service-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: serving-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: channel-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - channels/finalizers - verbs: - - update ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: broker-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - - brokers/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flows-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - flows.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-filter - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "triggers" - - "triggers/status" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-ingress - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-config-reader - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: channelable-manipulator - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: meta-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-messaging-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["messaging.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-flows-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["flows.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-sources-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["sources.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-bindings-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["bindings.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "namespaces" - - "secrets" - - "configmaps" - - "services" - - "endpoints" - - "events" - - "serviceaccounts" - - "pods" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # PingSource controller manipulates Deployment owner reference - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - verbs: *everything - # Our own resources and statuses we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "eventtypes" - - "eventtypes/status" - verbs: *everything - # Eventing resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - verbs: - - "update" - # Our own resources and statuses we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "channels" - - "channels/status" - - "parallels" - - "parallels/status" - - "subscriptions" - - "subscriptions/status" - verbs: *everything - # Flow resources and statuses we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "parallels" - - "parallels/status" - verbs: *everything - # Messaging resources and finalizers we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - - "channels/finalizers" - verbs: - - "update" - # Flows resources and finalizers we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - verbs: - - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "get" - - "list" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - sources.knative.dev - resources: - - pingsources - - pingsources/status - verbs: - - get - - list - - watch - - patch - - apiGroups: - - sources.knative.dev - resources: - - pingsources/finalizers - verbs: - - "patch" - - apiGroups: - - "" - resources: - - events - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: podspecable-binding - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: builtin-podspecable-binding - labels: - duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. -rules: - # To patch the subjects of our bindings - - apiGroups: - - "apps" - resources: - - "deployments" - - "daemonsets" - - "statefulsets" - - "replicasets" - verbs: - - "list" - - "watch" - - "patch" - - apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "watch" - - "patch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: source-observer - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-sources-source-observer - labels: - duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. -rules: - - apiGroups: - - sources.knative.dev - resources: - - apiserversources - - pingsources - - sinkbindings - - containersources - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-sources-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "secrets" - - "configmaps" - - "services" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Deployments admin - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # Source resources and statuses we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - - "apiserversources" - - "apiserversources/status" - - "apiserversources/finalizers" - - "pingsources" - - "pingsources/status" - - "pingsources/finalizers" - - "containersources" - - "containersources/status" - - "containersources/finalizers" - verbs: *everything - # Knative Services admin - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: *everything - # EventTypes admin - - apiGroups: - - eventing.knative.dev - resources: - - eventtypes - verbs: *everything - # Events admin - - apiGroups: - - "" - resources: - - events - verbs: *everything - # Authorization checker - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For running the SinkBinding reconciler. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - verbs: *everything - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # For creating events - - apiGroups: - - "" - - "events.k8s.io" - resources: - - "events" - verbs: - - "get" - - "list" - - "create" - - "patch" - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Ignore - name: config.webhook.eventing.knative.dev - namespaceSelector: - matchExpressions: - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: eventing-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: sinkbindings.webhook.sources.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - failurePolicy: Fail - sideEffects: None - name: sinkbindings.webhook.sources.knative.dev - timeoutSeconds: 10 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.1/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.1/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.10.1/4-in-memory-channel.yaml deleted file mode 100644 index 04c012eb8c..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.1/4-in-memory-channel.yaml +++ /dev/null @@ -1,1193 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: Role - name: knative-inmemorychannel-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-dispatcher - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-dispatcher - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:e004174a896811aec46520b1f2857f1973762389426bb0e0fc5d2332d5e36c7a - env: - - name: WEBHOOK_NAME - value: inmemorychannel-webhook - - name: WEBHOOK_PORT - value: "8443" - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:521234b4cff9d3cd32f8264cd7c830caa06f9982637b4866e983591fa1abc418 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - name: inmemorychannel-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9090 - targetPort: 9090 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:521234b4cff9d3cd32f8264cd7c830caa06f9982637b4866e983591fa1abc418 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inmemorychannels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'InMemoryChannel is a resource representing an in memory channel' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: InMemoryChannel - plural: inmemorychannels - singular: inmemorychannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - imc - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: &everything - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: *everything - - apiGroups: - - apps - resources: - - deployments - verbs: *everything - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: *everything - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" # Core API group. - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-inmemorychannel-webhook - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: inmemorychannel-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.10.1/6-eventing-post-install.yaml deleted file mode 100644 index 5b0ce416f4..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.1/6-eventing-post-install.yaml +++ /dev/null @@ -1,226 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "apiserversources" - - "apiserversources/finalizers" - - "apiserversources/status" - - "containersources" - - "containersources/finalizers" - - "containersources/status" - - "pingsources" - - "pingsources/finalizers" - - "pingsources/status" - - "sinkbindings" - - "sinkbindings/finalizers" - - "sinkbindings/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/finalizers" - - "brokers/status" - - "eventtypes" - - "eventtypes/finalizers" - - "eventtypes/status" - - "triggers" - - "triggers/finalizers" - - "triggers/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "channels" - - "channels/finalizers" - - "channels/status" - - "inmemorychannels" - - "inmemorychannels/finalizers" - - "inmemorychannels/status" - - "subscriptions" - - "subscriptions/finalizers" - - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "flows.knative.dev" - resources: - - "parallels" - - "parallels/finalizers" - - "parallels/status" - - "sequences" - - "sequences/finalizers" - - "sequences/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-eventing- - namespace: knative-eventing - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.1" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.1" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:56780f69e6496bb4790b0c147deb652a2b020ff81e08d58cc58a61cd649b1121 - args: - - "apiserversources.sources.knative.dev" - - "brokers.eventing.knative.dev" - - "channels.messaging.knative.dev" - - "containersources.sources.knative.dev" - - "eventtypes.eventing.knative.dev" - - "inmemorychannels.messaging.knative.dev" - - "parallels.flows.knative.dev" - - "pingsources.sources.knative.dev" - - "sequences.flows.knative.dev" - - "sinkbindings.sources.knative.dev" - - "subscriptions.messaging.knative.dev" - - "triggers.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.10.2/2-eventing-core.yaml deleted file mode 100644 index e7a79d66b1..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.2/2-eventing-core.yaml +++ /dev/null @@ -1,4606 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-source-observer - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: source-observer - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-sources-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-sources-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-manipulator - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: channelable-manipulator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: pingsource-mt-adapter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-pingsource-mt-adapter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: Role - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: podspecable-binding - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-default-channel - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - channel-template-spec: | - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. - default-br-config: | - clusterDefault: - brokerClass: MTChannelBasedBroker - apiVersion: v1 - kind: ConfigMap - name: config-br-default-channel - namespace: knative-eventing - delivery: - retry: 10 - backoffPolicy: exponential - backoffDelay: PT0.2S - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-ch-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - # Configuration for defaulting channels that do not specify CRD implementations. - default-ch-config: | - clusterDefault: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - namespaceDefaults: - some-namespace: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-ping-defaults - namespace: knative-eventing - labels: - annotations: - knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Max number of bytes allowed to be sent for message excluding any - # base64 decoding. Default is no limit set for data - data-max-size: -1 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 - kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 - delivery-retryafter: "disabled" - # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 - delivery-timeout: "enabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 - kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" - # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. - # For more details: https://github.com/knative/eventing/issues/5957 - transport-encryption: "disabled" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kreference-mapping - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "7375dbe1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - - # this is an example of mapping from pod to addressable-pod service - # the data key must be of the form "kind.version.group" - # the data value must be a valid URL. Valid template data are: - # - Name: reference name - # - Namespace: reference namespace - # - SystemNamespace: knative namespace - # - UID: reference UID - # - # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f7948630" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "15s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "10s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - # For all components changes are be picked up immediately. - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-sugar - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "62dfac6f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # namespace-selector specifies a LabelSelector which - # determines which namespaces the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - namespace-selector: "" - - # Use an empty object as a string to enable for all namespaces - namespace-selector: "{}" - - # trigger-selector specifies a LabelSelector which - # determines which triggers the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - trigger-selector: "" - - # Use an empty object as string to enable for all triggers - trigger-selector: "{}" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: eventing-controller - template: - metadata: - labels: - app: eventing-controller - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: eventing-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:e71a7001fa94023e3783084d0c1dac0346f91b1400f4f0ad122632307439fc8f - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - # APIServerSource - - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:fd8af0453c2c65734fefd4fd3643ebd2288ad2afb9bf93782fbcd952bcd5a86d - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. - replicas: 0 - selector: - matchLabels: &labels - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:80ef00a94ecbc4efc29dd8a4b717427bd6cdcd1cb0b3d80423e80b5a9340fcd0 - env: - - name: SYSTEM_NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - - name: K_METRICS_CONFIG - value: '' - - name: K_LOGGING_CONFIG - value: '' - - name: K_LEADER_ELECTION_CONFIG - value: '' - - name: K_NO_SHUTDOWN_AFTER - value: '' - - name: K_SINK_TIMEOUT - value: '-1' - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - protocol: TCP - resources: - requests: - cpu: 125m - memory: 64Mi - limits: - cpu: 1000m - memory: 2048Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - serviceAccountName: pingsource-mt-adapter - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: eventing-webhook - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - minAvailable: 80% - selector: - matchLabels: - app: eventing-webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - app: eventing-webhook - role: eventing-webhook - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-webhook - enableServiceLinks: false - containers: - - name: eventing-webhook - terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:5e46d9450c3894b5edbe8650526277e17cf1f6d2988ed36a0c38d626b2d1bd68 - resources: - requests: - # taken from serving. - cpu: 100m - memory: 50Mi - limits: - # taken from serving. - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: eventing-webhook - - name: WEBHOOK_PORT - value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - - name: SINK_BINDING_SELECTION_MODE - value: "exclusion" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: eventing-webhook - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: eventing-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: eventing-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: addressable-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: service-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: serving-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: channel-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - channels/finalizers - verbs: - - update ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: broker-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - - brokers/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flows-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - flows.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-filter - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "triggers" - - "triggers/status" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-ingress - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-config-reader - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: channelable-manipulator - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: meta-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-messaging-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["messaging.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-flows-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["flows.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-sources-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["sources.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-bindings-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["bindings.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "namespaces" - - "secrets" - - "configmaps" - - "services" - - "endpoints" - - "events" - - "serviceaccounts" - - "pods" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # PingSource controller manipulates Deployment owner reference - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - verbs: *everything - # Our own resources and statuses we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "eventtypes" - - "eventtypes/status" - verbs: *everything - # Eventing resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - verbs: - - "update" - # Our own resources and statuses we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "channels" - - "channels/status" - - "parallels" - - "parallels/status" - - "subscriptions" - - "subscriptions/status" - verbs: *everything - # Flow resources and statuses we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "parallels" - - "parallels/status" - verbs: *everything - # Messaging resources and finalizers we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - - "channels/finalizers" - verbs: - - "update" - # Flows resources and finalizers we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - verbs: - - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "get" - - "list" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - sources.knative.dev - resources: - - pingsources - - pingsources/status - verbs: - - get - - list - - watch - - patch - - apiGroups: - - sources.knative.dev - resources: - - pingsources/finalizers - verbs: - - "patch" - - apiGroups: - - "" - resources: - - events - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: podspecable-binding - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: builtin-podspecable-binding - labels: - duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. -rules: - # To patch the subjects of our bindings - - apiGroups: - - "apps" - resources: - - "deployments" - - "daemonsets" - - "statefulsets" - - "replicasets" - verbs: - - "list" - - "watch" - - "patch" - - apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "watch" - - "patch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: source-observer - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-sources-source-observer - labels: - duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. -rules: - - apiGroups: - - sources.knative.dev - resources: - - apiserversources - - pingsources - - sinkbindings - - containersources - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-sources-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "secrets" - - "configmaps" - - "services" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Deployments admin - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # Source resources and statuses we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - - "apiserversources" - - "apiserversources/status" - - "apiserversources/finalizers" - - "pingsources" - - "pingsources/status" - - "pingsources/finalizers" - - "containersources" - - "containersources/status" - - "containersources/finalizers" - verbs: *everything - # Knative Services admin - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: *everything - # EventTypes admin - - apiGroups: - - eventing.knative.dev - resources: - - eventtypes - verbs: *everything - # Events admin - - apiGroups: - - "" - resources: - - events - verbs: *everything - # Authorization checker - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For running the SinkBinding reconciler. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - verbs: *everything - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # For creating events - - apiGroups: - - "" - - "events.k8s.io" - resources: - - "events" - verbs: - - "get" - - "list" - - "create" - - "patch" - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Ignore - name: config.webhook.eventing.knative.dev - namespaceSelector: - matchExpressions: - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: eventing-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: sinkbindings.webhook.sources.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - failurePolicy: Fail - sideEffects: None - name: sinkbindings.webhook.sources.knative.dev - timeoutSeconds: 10 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.2/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.2/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.10.2/4-in-memory-channel.yaml deleted file mode 100644 index 881c7c1935..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.2/4-in-memory-channel.yaml +++ /dev/null @@ -1,1193 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: Role - name: knative-inmemorychannel-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-dispatcher - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-dispatcher - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:edc60b0a0d4f41efe4908f7193168c4c0848f8b4f4b3e9ba732f30ab5d3482a5 - env: - - name: WEBHOOK_NAME - value: inmemorychannel-webhook - - name: WEBHOOK_PORT - value: "8443" - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:926718cfd6b2662b0d2fb78bb917e695d12a1b597413d644d31ccbcbe2df5fe6 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: inmemorychannel-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9090 - targetPort: 9090 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:926718cfd6b2662b0d2fb78bb917e695d12a1b597413d644d31ccbcbe2df5fe6 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inmemorychannels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'InMemoryChannel is a resource representing an in memory channel' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: InMemoryChannel - plural: inmemorychannels - singular: inmemorychannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - imc - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: &everything - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: *everything - - apiGroups: - - apps - resources: - - deployments - verbs: *everything - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: *everything - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" # Core API group. - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-inmemorychannel-webhook - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: inmemorychannel-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.10.2/5-mt-channel-broker.yaml deleted file mode 100644 index f114cfb8cb..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.2/5-mt-channel-broker.yaml +++ /dev/null @@ -1,657 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - # Configs resources and status we care about. - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - triggers - - triggers/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-channel-broker-controller - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-filter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-filter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-ingress - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-ingress - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: filter - template: - metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-filter - enableServiceLinks: false - containers: - - name: filter - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:d2ff79257562aa5f37c35a3f92a9c6d07331b325049d2e9f1a11210eb89433cf - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: filter - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: FILTER_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: broker-filter - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: filter - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: ingress - template: - metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-ingress - enableServiceLinks: false - containers: - - name: ingress - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:174473c0724521d5263ef1a334fa137c6e5fe1bf0968be2b0be4aa1786ee6550 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: ingress - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: INGRESS_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - name: broker-ingress - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: ingress - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-controller - namespace: knative-eventing - labels: - app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: mt-broker-controller - template: - metadata: - labels: - app: mt-broker-controller - app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: mt-broker-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: mt-broker-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:dfee8157ab27cd2150e3720018d7c083d047f60a57a22256287ae0dcf5c1b80c - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-ingress-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-ingress - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-filter-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-filter - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.10.2/6-eventing-post-install.yaml deleted file mode 100644 index e1c4761703..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.2/6-eventing-post-install.yaml +++ /dev/null @@ -1,226 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "apiserversources" - - "apiserversources/finalizers" - - "apiserversources/status" - - "containersources" - - "containersources/finalizers" - - "containersources/status" - - "pingsources" - - "pingsources/finalizers" - - "pingsources/status" - - "sinkbindings" - - "sinkbindings/finalizers" - - "sinkbindings/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/finalizers" - - "brokers/status" - - "eventtypes" - - "eventtypes/finalizers" - - "eventtypes/status" - - "triggers" - - "triggers/finalizers" - - "triggers/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "channels" - - "channels/finalizers" - - "channels/status" - - "inmemorychannels" - - "inmemorychannels/finalizers" - - "inmemorychannels/status" - - "subscriptions" - - "subscriptions/finalizers" - - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "flows.knative.dev" - resources: - - "parallels" - - "parallels/finalizers" - - "parallels/status" - - "sequences" - - "sequences/finalizers" - - "sequences/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-eventing- - namespace: knative-eventing - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.2" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.2" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:3f19c740efc2f2bc3175e57e8d6adab350a37df90bffb39d2aa5a33790cf033d - args: - - "apiserversources.sources.knative.dev" - - "brokers.eventing.knative.dev" - - "channels.messaging.knative.dev" - - "containersources.sources.knative.dev" - - "eventtypes.eventing.knative.dev" - - "inmemorychannels.messaging.knative.dev" - - "parallels.flows.knative.dev" - - "pingsources.sources.knative.dev" - - "sequences.flows.knative.dev" - - "sinkbindings.sources.knative.dev" - - "subscriptions.messaging.knative.dev" - - "triggers.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.10.3/1-eventing-crds.yaml deleted file mode 100644 index af6775353f..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.3/1-eventing-crds.yaml +++ /dev/null @@ -1,2319 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.10.3/2-eventing-core.yaml deleted file mode 100644 index 9732ceb4ee..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.3/2-eventing-core.yaml +++ /dev/null @@ -1,4606 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-resolver - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-source-observer - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: source-observer - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-sources-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-sources-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-manipulator - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: channelable-manipulator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: pingsource-mt-adapter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-pingsource-mt-adapter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: Role - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-resolver - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: podspecable-binding - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-default-channel - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - channel-template-spec: | - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. - default-br-config: | - clusterDefault: - brokerClass: MTChannelBasedBroker - apiVersion: v1 - kind: ConfigMap - name: config-br-default-channel - namespace: knative-eventing - delivery: - retry: 10 - backoffPolicy: exponential - backoffDelay: PT0.2S - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-ch-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - # Configuration for defaulting channels that do not specify CRD implementations. - default-ch-config: | - clusterDefault: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - namespaceDefaults: - some-namespace: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-ping-defaults - namespace: knative-eventing - labels: - annotations: - knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Max number of bytes allowed to be sent for message excluding any - # base64 decoding. Default is no limit set for data - data-max-size: -1 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 - kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 - delivery-retryafter: "disabled" - # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 - delivery-timeout: "enabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 - kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" - # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. - # For more details: https://github.com/knative/eventing/issues/5957 - transport-encryption: "disabled" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kreference-mapping - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "7375dbe1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - - # this is an example of mapping from pod to addressable-pod service - # the data key must be of the form "kind.version.group" - # the data value must be a valid URL. Valid template data are: - # - Name: reference name - # - Namespace: reference namespace - # - SystemNamespace: knative namespace - # - UID: reference UID - # - # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f7948630" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "15s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "10s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - # For all components changes are be picked up immediately. - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-sugar - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "62dfac6f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # namespace-selector specifies a LabelSelector which - # determines which namespaces the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - namespace-selector: "" - - # Use an empty object as a string to enable for all namespaces - namespace-selector: "{}" - - # trigger-selector specifies a LabelSelector which - # determines which triggers the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - trigger-selector: "" - - # Use an empty object as string to enable for all triggers - trigger-selector: "{}" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: eventing-controller - template: - metadata: - labels: - app: eventing-controller - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: eventing-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:39d03de620c3cfbde3bd1027f752f681ce8cdba234e1c60f2e8a5c8b5ef16d0c - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - # APIServerSource - - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:9f04ca2f8079c5e8870d86ff8858e81327a0dbf307a253e4df13f5f9e9b90bec - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. - replicas: 0 - selector: - matchLabels: &labels - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:8758aafc6664df2918fae6ff0a70ffd497e15425f75452a3ccaa3686b865520e - env: - - name: SYSTEM_NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - - name: K_METRICS_CONFIG - value: '' - - name: K_LOGGING_CONFIG - value: '' - - name: K_LEADER_ELECTION_CONFIG - value: '' - - name: K_NO_SHUTDOWN_AFTER - value: '' - - name: K_SINK_TIMEOUT - value: '-1' - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - protocol: TCP - resources: - requests: - cpu: 125m - memory: 64Mi - limits: - cpu: 1000m - memory: 2048Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - serviceAccountName: pingsource-mt-adapter - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: eventing-webhook - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - minAvailable: 80% - selector: - matchLabels: - app: eventing-webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - app: eventing-webhook - role: eventing-webhook - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-webhook - enableServiceLinks: false - containers: - - name: eventing-webhook - terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:231e189ef52d9db74eea4f4bb54c60d01593958418141549f3d954b96193ae92 - resources: - requests: - # taken from serving. - cpu: 100m - memory: 50Mi - limits: - # taken from serving. - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: eventing-webhook - - name: WEBHOOK_PORT - value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - - name: SINK_BINDING_SELECTION_MODE - value: "exclusion" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: eventing-webhook - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: eventing-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: eventing-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: addressable-resolver - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: service-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: serving-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: channel-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - channels/finalizers - verbs: - - update ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: broker-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - - brokers/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flows-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - flows.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-filter - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "triggers" - - "triggers/status" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-ingress - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-config-reader - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: channelable-manipulator - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: meta-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-messaging-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["messaging.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-flows-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["flows.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-sources-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["sources.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-bindings-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["bindings.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "namespaces" - - "secrets" - - "configmaps" - - "services" - - "endpoints" - - "events" - - "serviceaccounts" - - "pods" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # PingSource controller manipulates Deployment owner reference - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - verbs: *everything - # Our own resources and statuses we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "eventtypes" - - "eventtypes/status" - verbs: *everything - # Eventing resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - verbs: - - "update" - # Our own resources and statuses we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "channels" - - "channels/status" - - "parallels" - - "parallels/status" - - "subscriptions" - - "subscriptions/status" - verbs: *everything - # Flow resources and statuses we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "parallels" - - "parallels/status" - verbs: *everything - # Messaging resources and finalizers we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - - "channels/finalizers" - verbs: - - "update" - # Flows resources and finalizers we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - verbs: - - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "get" - - "list" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - sources.knative.dev - resources: - - pingsources - - pingsources/status - verbs: - - get - - list - - watch - - patch - - apiGroups: - - sources.knative.dev - resources: - - pingsources/finalizers - verbs: - - "patch" - - apiGroups: - - "" - resources: - - events - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: podspecable-binding - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: builtin-podspecable-binding - labels: - duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. -rules: - # To patch the subjects of our bindings - - apiGroups: - - "apps" - resources: - - "deployments" - - "daemonsets" - - "statefulsets" - - "replicasets" - verbs: - - "list" - - "watch" - - "patch" - - apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "watch" - - "patch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: source-observer - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-sources-source-observer - labels: - duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. -rules: - - apiGroups: - - sources.knative.dev - resources: - - apiserversources - - pingsources - - sinkbindings - - containersources - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-sources-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "secrets" - - "configmaps" - - "services" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Deployments admin - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # Source resources and statuses we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - - "apiserversources" - - "apiserversources/status" - - "apiserversources/finalizers" - - "pingsources" - - "pingsources/status" - - "pingsources/finalizers" - - "containersources" - - "containersources/status" - - "containersources/finalizers" - verbs: *everything - # Knative Services admin - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: *everything - # EventTypes admin - - apiGroups: - - eventing.knative.dev - resources: - - eventtypes - verbs: *everything - # Events admin - - apiGroups: - - "" - resources: - - events - verbs: *everything - # Authorization checker - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For running the SinkBinding reconciler. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - verbs: *everything - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # For creating events - - apiGroups: - - "" - - "events.k8s.io" - resources: - - "events" - verbs: - - "get" - - "list" - - "create" - - "patch" - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Ignore - name: config.webhook.eventing.knative.dev - namespaceSelector: - matchExpressions: - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: eventing-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: sinkbindings.webhook.sources.knative.dev - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - failurePolicy: Fail - sideEffects: None - name: sinkbindings.webhook.sources.knative.dev - timeoutSeconds: 10 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.3/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.3/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.10.3/5-mt-channel-broker.yaml deleted file mode 100644 index 550ac20632..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.3/5-mt-channel-broker.yaml +++ /dev/null @@ -1,657 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - # Configs resources and status we care about. - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - triggers - - triggers/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-channel-broker-controller - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-filter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-filter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-ingress - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-ingress - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: filter - template: - metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-filter - enableServiceLinks: false - containers: - - name: filter - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:b960819c0acb60cf9ce7ad8f3e82f57dc0c75d9e9f2826610bdc71bed053f0ea - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: filter - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: FILTER_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: broker-filter - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: filter - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: ingress - template: - metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-ingress - enableServiceLinks: false - containers: - - name: ingress - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:a73b76d658df0f917ff88778f3b406f62d758aa5807827926b156e5d499b493b - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: ingress - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: INGRESS_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - name: broker-ingress - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: ingress - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-controller - namespace: knative-eventing - labels: - app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: mt-broker-controller - template: - metadata: - labels: - app: mt-broker-controller - app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: mt-broker-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: mt-broker-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:3daf10a862ae2fdff699c01c5bbfc34a35a0726d8e1f77a12f0b649750b6bbe0 - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-ingress-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-ingress - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-filter-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-filter - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.10.3/6-eventing-post-install.yaml deleted file mode 100644 index bfa440f4d3..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.3/6-eventing-post-install.yaml +++ /dev/null @@ -1,226 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "apiserversources" - - "apiserversources/finalizers" - - "apiserversources/status" - - "containersources" - - "containersources/finalizers" - - "containersources/status" - - "pingsources" - - "pingsources/finalizers" - - "pingsources/status" - - "sinkbindings" - - "sinkbindings/finalizers" - - "sinkbindings/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/finalizers" - - "brokers/status" - - "eventtypes" - - "eventtypes/finalizers" - - "eventtypes/status" - - "triggers" - - "triggers/finalizers" - - "triggers/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "channels" - - "channels/finalizers" - - "channels/status" - - "inmemorychannels" - - "inmemorychannels/finalizers" - - "inmemorychannels/status" - - "subscriptions" - - "subscriptions/finalizers" - - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "flows.knative.dev" - resources: - - "parallels" - - "parallels/finalizers" - - "parallels/status" - - "sequences" - - "sequences/finalizers" - - "sequences/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-eventing- - namespace: knative-eventing - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.3" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.3" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:3f19c740efc2f2bc3175e57e8d6adab350a37df90bffb39d2aa5a33790cf033d - args: - - "apiserversources.sources.knative.dev" - - "brokers.eventing.knative.dev" - - "channels.messaging.knative.dev" - - "containersources.sources.knative.dev" - - "eventtypes.eventing.knative.dev" - - "inmemorychannels.messaging.knative.dev" - - "parallels.flows.knative.dev" - - "pingsources.sources.knative.dev" - - "sequences.flows.knative.dev" - - "sinkbindings.sources.knative.dev" - - "subscriptions.messaging.knative.dev" - - "triggers.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.10.4/1-eventing-crds.yaml deleted file mode 100644 index cd41adf2f2..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.4/1-eventing-crds.yaml +++ /dev/null @@ -1,2319 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.4/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.4/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.10.4/4-in-memory-channel.yaml deleted file mode 100644 index daf822400f..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.4/4-in-memory-channel.yaml +++ /dev/null @@ -1,1193 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: Role - name: knative-inmemorychannel-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller-resolver - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-dispatcher - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-dispatcher - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:58133e317457d735f138277f5c675976d6b2592258c6ee85ecf6745f41d1bf86 - env: - - name: WEBHOOK_NAME - value: inmemorychannel-webhook - - name: WEBHOOK_PORT - value: "8443" - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:6dc29f3406ac54375f330dc43868f4c6545fe6c9b00a131b2066bdcfcb29cc41 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - name: inmemorychannel-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9090 - targetPort: 9090 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:6dc29f3406ac54375f330dc43868f4c6545fe6c9b00a131b2066bdcfcb29cc41 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inmemorychannels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'InMemoryChannel is a resource representing an in memory channel' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: InMemoryChannel - plural: inmemorychannels - singular: inmemorychannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - imc - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: &everything - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: *everything - - apiGroups: - - apps - resources: - - deployments - verbs: *everything - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: *everything - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" # Core API group. - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-inmemorychannel-webhook - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: inmemorychannel-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.10.4/5-mt-channel-broker.yaml deleted file mode 100644 index a77dbc1a63..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.4/5-mt-channel-broker.yaml +++ /dev/null @@ -1,657 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - # Configs resources and status we care about. - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - triggers - - triggers/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-channel-broker-controller - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-filter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-filter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-ingress - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-ingress - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: filter - template: - metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-filter - enableServiceLinks: false - containers: - - name: filter - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:d4e64c56424576744d02adab9a89b07c2862b20ccbd122d73ddf276db8f276e6 - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: filter - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: FILTER_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - name: broker-filter - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: filter - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: ingress - template: - metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-ingress - enableServiceLinks: false - containers: - - name: ingress - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:4911bca1de154840a4b86d3f85aeed2c2f0a73bff693f020936b87ddfcf2a16e - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: ingress - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: INGRESS_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - name: broker-ingress - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: ingress - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-controller - namespace: knative-eventing - labels: - app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: mt-broker-controller - template: - metadata: - labels: - app: mt-broker-controller - app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: mt-broker-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: mt-broker-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:427e778f175e9a65980333fc4649d20229a1397dec3fffcbdf5f5a60abd5e197 - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-ingress-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-ingress - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-filter-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-filter - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.10.4/6-eventing-post-install.yaml deleted file mode 100644 index 6a7b3584a7..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.4/6-eventing-post-install.yaml +++ /dev/null @@ -1,226 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "apiserversources" - - "apiserversources/finalizers" - - "apiserversources/status" - - "containersources" - - "containersources/finalizers" - - "containersources/status" - - "pingsources" - - "pingsources/finalizers" - - "pingsources/status" - - "sinkbindings" - - "sinkbindings/finalizers" - - "sinkbindings/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/finalizers" - - "brokers/status" - - "eventtypes" - - "eventtypes/finalizers" - - "eventtypes/status" - - "triggers" - - "triggers/finalizers" - - "triggers/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "channels" - - "channels/finalizers" - - "channels/status" - - "inmemorychannels" - - "inmemorychannels/finalizers" - - "inmemorychannels/status" - - "subscriptions" - - "subscriptions/finalizers" - - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "flows.knative.dev" - resources: - - "parallels" - - "parallels/finalizers" - - "parallels/status" - - "sequences" - - "sequences/finalizers" - - "sequences/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-eventing- - namespace: knative-eventing - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.4" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.4" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:f27a6bde59006614f0bea87d44abcccc89e37744d69181921c6c1a2eac8d0d7f - args: - - "apiserversources.sources.knative.dev" - - "brokers.eventing.knative.dev" - - "channels.messaging.knative.dev" - - "containersources.sources.knative.dev" - - "eventtypes.eventing.knative.dev" - - "inmemorychannels.messaging.knative.dev" - - "parallels.flows.knative.dev" - - "pingsources.sources.knative.dev" - - "sequences.flows.knative.dev" - - "sinkbindings.sources.knative.dev" - - "subscriptions.messaging.knative.dev" - - "triggers.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/1-eventing-crds.yaml deleted file mode 100644 index 68d31a5469..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/1-eventing-crds.yaml +++ /dev/null @@ -1,2319 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/2-eventing-core.yaml deleted file mode 100644 index 5ea18624d8..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/2-eventing-core.yaml +++ /dev/null @@ -1,4606 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-source-observer - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: source-observer - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-sources-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-sources-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-controller-manipulator - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: channelable-manipulator - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: pingsource-mt-adapter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-pingsource-mt-adapter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: eventing-webhook - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: Role - name: knative-eventing-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-webhook-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-webhook - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: podspecable-binding - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-default-channel - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - channel-template-spec: | - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-br-defaults - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. - default-br-config: | - clusterDefault: - brokerClass: MTChannelBasedBroker - apiVersion: v1 - kind: ConfigMap - name: config-br-default-channel - namespace: knative-eventing - delivery: - retry: 10 - backoffPolicy: exponential - backoffDelay: PT0.2S - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-ch-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - # Configuration for defaulting channels that do not specify CRD implementations. - default-ch-config: | - clusterDefault: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - namespaceDefaults: - some-namespace: - apiVersion: messaging.knative.dev/v1 - kind: InMemoryChannel - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-ping-defaults - namespace: knative-eventing - labels: - annotations: - knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Max number of bytes allowed to be sent for message excluding any - # base64 decoding. Default is no limit set for data - data-max-size: -1 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 - kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 - delivery-retryafter: "disabled" - # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 - delivery-timeout: "enabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 - kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" - # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. - # For more details: https://github.com/knative/eventing/issues/5957 - transport-encryption: "disabled" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-kreference-mapping - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "7375dbe1" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - - # this is an example of mapping from pod to addressable-pod service - # the data key must be of the form "kind.version.group" - # the data value must be a valid URL. Valid template data are: - # - Name: reference name - # - Namespace: reference namespace - # - SystemNamespace: knative namespace - # - UID: reference UID - # - # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f7948630" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "15s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "10s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - # For all components changes are be picked up immediately. - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-sugar - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "62dfac6f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # namespace-selector specifies a LabelSelector which - # determines which namespaces the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - namespace-selector: "" - - # Use an empty object as a string to enable for all namespaces - namespace-selector: "{}" - - # trigger-selector specifies a LabelSelector which - # determines which triggers the Sugar Controller should operate upon - # Use an empty value to disable the feature (this is the default): - trigger-selector: "" - - # Use an empty object as string to enable for all triggers - trigger-selector: "{}" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: eventing-controller - template: - metadata: - labels: - app: eventing-controller - app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: eventing-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:dabca614cd4e1246b6a7b2f2acff5388ebd840cd1a3c3a8c85b5627875e9b9fc - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - # APIServerSource - - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:e15615b4f633a65dd24cf2d113734da28f831c39d71fc017134196e70024feae - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pingsource-mt-adapter - namespace: knative-eventing - labels: - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. - replicas: 0 - selector: - matchLabels: &labels - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:494f5471088e90fc88d87e7ec50bcc64988e853d66410aff62c76050bebec737 - env: - - name: SYSTEM_NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NAMESPACE - value: '' - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - - name: K_METRICS_CONFIG - value: '' - - name: K_LOGGING_CONFIG - value: '' - - name: K_LEADER_ELECTION_CONFIG - value: '' - - name: K_NO_SHUTDOWN_AFTER - value: '' - - name: K_SINK_TIMEOUT - value: '-1' - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 9090 - name: metrics - protocol: TCP - resources: - requests: - cpu: 125m - memory: 64Mi - limits: - cpu: 1000m - memory: 2048Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - serviceAccountName: pingsource-mt-adapter - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: eventing-webhook - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - minAvailable: 80% - selector: - matchLabels: - app: eventing-webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: eventing-webhook - namespace: knative-eventing - labels: - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - app: eventing-webhook - role: eventing-webhook - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: eventing-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-webhook - enableServiceLinks: false - containers: - - name: eventing-webhook - terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:ac3774f620e33ee2fcda84142b915385fdd435b1c2e6af0bd1949574f208ec11 - resources: - requests: - # taken from serving. - cpu: 100m - memory: 50Mi - limits: - # taken from serving. - cpu: 200m - memory: 200Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: WEBHOOK_NAME - value: eventing-webhook - - name: WEBHOOK_PORT - value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - - name: SINK_BINDING_SELECTION_MODE - value: "exclusion" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: https-webhook - containerPort: 8443 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: eventing-webhook - app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: eventing-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: eventing-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } - ] - name: apiserversources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' - type: object - properties: - spec: - type: object - required: - - resources - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - mode: - description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` - type: string - owner: - description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. - type: array - items: - type: object - properties: - apiVersion: - description: APIVersion - the API version of the resource to watch. - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. - type: string - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - namespaceSelector: - description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - namespaces: - description: Namespaces show the namespaces currently watched by the ApiServerSource - type: array - items: - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - categories: - - all - - knative - - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: brokers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' - type: object - properties: - spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - status: - description: Status represents the current state of the Broker. This data may be out of date. - type: object - properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - name: Class - type: string - priority: 1 - jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - filter: - description: Filter is the expression guarding the branch - type: object - properties: - !!merge <<: *addressableProperties - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - !!merge <<: *addressableProperties - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - !!merge <<: *addressableProperties - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - !!merge <<: *addressableProperties - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: &channelProperties - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: &referentProperties - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - !!merge <<: *readyConditionProperties - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - !!merge <<: *referentProperties - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - !!merge <<: *readyConditionProperties - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - !!merge <<: *channelProperties - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - # TODO add schemas and descriptions - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - &version - name: v1beta2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true - # v1 schema is identical to the v1beta2 schema - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - type: object - properties: - spec: - type: object - properties: - ceOverrides: - description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. - type: object - properties: - extensions: - description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: Sink is a reference to an object that will resolve to a uri to use as the sink. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subject: - description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. Mutually exclusive with Selector. - type: string - namespace: - description: Namespace of the referent. - type: string - selector: - description: Selector of the referents. Mutually exclusive with Name. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - type: object - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. - type: array - items: - type: object - properties: - source: - description: Source is the CloudEvents source attribute. - type: string - type: - description: Type refers to the CloudEvent type attribute. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - sinkUri: - description: SinkURI is the current active sink URI that has been configured for the Source. - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - type: object - properties: - spec: - type: object - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - delivery: - description: Delivery configuration - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - reply: - description: Reply specifies (optionally) how to handle events returned from the Subscriber target. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - physicalSubscription: - description: PhysicalSubscription is the fully resolved values that this Subscription represents. - type: object - properties: - deadLetterSinkUri: - description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. - type: string - replyUri: - description: ReplyURI is the fully resolved URI for the spec.reply. - type: string - subscriberUri: - description: SubscriberURI is the fully resolved URI for spec.subscriber. - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Subscription - plural: subscriptions - singular: subscription - categories: - - all - - knative - - messaging - shortNames: - - sub - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: triggers.eventing.knative.dev - labels: - knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: eventing.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - broker: - description: Broker is the broker that this trigger receives events from. - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - names: - kind: Trigger - plural: triggers - singular: trigger - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: addressable-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: service-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: serving-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: channel-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - get - - list - - watch - - apiGroups: - - messaging.knative.dev - resources: - - channels/finalizers - verbs: - - update ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: broker-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - - brokers/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flows-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - flows.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-filter - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "triggers" - - "triggers/status" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-broker-ingress - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: eventing-config-reader - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: channelable-manipulator - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: meta-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - channels - - channels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-messaging-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["messaging.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-flows-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["flows.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-sources-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["sources.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-bindings-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["bindings.knative.dev"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-eventing-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "namespaces" - - "secrets" - - "configmaps" - - "services" - - "endpoints" - - "events" - - "serviceaccounts" - - "pods" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # PingSource controller manipulates Deployment owner reference - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - verbs: *everything - # Our own resources and statuses we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/status" - - "triggers" - - "triggers/status" - - "eventtypes" - - "eventtypes/status" - verbs: *everything - # Eventing resources and finalizers we care about. - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers/finalizers" - - "triggers/finalizers" - verbs: - - "update" - # Our own resources and statuses we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "channels" - - "channels/status" - - "parallels" - - "parallels/status" - - "subscriptions" - - "subscriptions/status" - verbs: *everything - # Flow resources and statuses we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences" - - "sequences/status" - - "parallels" - - "parallels/status" - verbs: *everything - # Messaging resources and finalizers we care about. - - apiGroups: - - "messaging.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - - "channels/finalizers" - verbs: - - "update" - # Flows resources and finalizers we care about. - - apiGroups: - - "flows.knative.dev" - resources: - - "sequences/finalizers" - - "parallels/finalizers" - verbs: - - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "get" - - "list" - - "watch" - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-pingsource-mt-adapter - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - sources.knative.dev - resources: - - pingsources - - pingsources/status - verbs: - - get - - list - - watch - - patch - - apiGroups: - - sources.knative.dev - resources: - - pingsources/finalizers - verbs: - - "patch" - - apiGroups: - - "" - resources: - - events - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: podspecable-binding - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: builtin-podspecable-binding - labels: - duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. -rules: - # To patch the subjects of our bindings - - apiGroups: - - "apps" - resources: - - "deployments" - - "daemonsets" - - "statefulsets" - - "replicasets" - verbs: - - "list" - - "watch" - - "patch" - - apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "watch" - - "patch" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: source-observer - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventing-sources-source-observer - labels: - duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. -rules: - - apiGroups: - - sources.knative.dev - resources: - - apiserversources - - pingsources - - sinkbindings - - containersources - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-sources-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - "" - resources: - - "secrets" - - "configmaps" - - "services" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # Deployments admin - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: *everything - # Source resources and statuses we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - - "apiserversources" - - "apiserversources/status" - - "apiserversources/finalizers" - - "pingsources" - - "pingsources/status" - - "pingsources/finalizers" - - "containersources" - - "containersources/status" - - "containersources/finalizers" - verbs: *everything - # Knative Services admin - - apiGroups: - - serving.knative.dev - resources: - - services - verbs: *everything - # EventTypes admin - - apiGroups: - - eventing.knative.dev - resources: - - eventtypes - verbs: *everything - # Events admin - - apiGroups: - - "" - resources: - - events - verbs: *everything - # Authorization checker - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - # For watching logging configuration and getting certs. - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - "get" - - "list" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - # For getting our Deployment so we can decorate with ownerref. - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "get" - - apiGroups: - - "apps" - resources: - - "deployments/finalizers" - verbs: - - update - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For running the SinkBinding reconciler. - - apiGroups: - - "sources.knative.dev" - resources: - - "sinkbindings" - - "sinkbindings/status" - - "sinkbindings/finalizers" - verbs: *everything - # For leader election - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: *everything - # For creating events - - apiGroups: - - "" - - "events.k8s.io" - resources: - - "events" - verbs: - - "get" - - "list" - - "create" - - "patch" - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-eventing-webhook - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Ignore - name: config.webhook.eventing.knative.dev - namespaceSelector: - matchExpressions: - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.webhook.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: eventing-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: sinkbindings.webhook.sources.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing - failurePolicy: Fail - sideEffects: None - name: sinkbindings.webhook.sources.knative.dev - timeoutSeconds: 10 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/3-eventing-tls-networking.yaml deleted file mode 100644 index f6dfe17d57..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/3-eventing-tls-networking.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: knative-eventing -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: imc-dispatcher-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: imc-dispatcher-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - imc-dispatcher.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-filter-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-filter-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-filter.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: mt-broker-ingress-server-tls - namespace: knative-eventing -spec: - # Secret names are always required. - secretName: mt-broker-ingress-server-tls - secretTemplate: - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - local - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - dnsNames: - - broker-ingress.knative-eventing.svc.cluster.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/4-in-memory-channel.yaml deleted file mode 100644 index f50d185123..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/4-in-memory-channel.yaml +++ /dev/null @@ -1,1193 +0,0 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-controller - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: knative-eventing - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: Role - name: knative-inmemorychannel-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-controller-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: imc-dispatcher - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: imc-dispatcher - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-controller - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:dea8b7d0a49e3726c8ed972d19991e4cae59383b28ef4d1007ff8cb32c30b6fe - env: - - name: WEBHOOK_NAME - value: inmemorychannel-webhook - - name: WEBHOOK_PORT - value: "8443" - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:ec9a2229fabba6f8cdcf99fc768b17dbb44cd65f0efb45e18cf460dd4a5aa2aa - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 120 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: inmemorychannel-webhook - namespace: knative-eventing -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9090 - targetPort: 9090 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: imc-dispatcher - namespace: knative-eventing - labels: - knative.dev/high-availability: "true" - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: &labels - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - !!merge <<: *labels - app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: *labels - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:ec9a2229fabba6f8cdcf99fc768b17dbb44cd65f0efb45e18cf460dd4a5aa2aa - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inmemorychannels.messaging.knative.dev - labels: - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - group: messaging.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'InMemoryChannel is a resource representing an in memory channel' - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - deadLetterSinkUri: - description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: InMemoryChannel - plural: inmemorychannels - singular: inmemorychannel - categories: - - all - - knative - - messaging - - channel - shortNames: - - imc - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: &everything - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: *everything - - apiGroups: - - apps - resources: - - deployments - verbs: *everything - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: *everything - # For actually registering our webhook. - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: &everything - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - # finalizers are needed for the owner reference of the webhook - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" # Core API group. - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: knative-eventing - name: knative-inmemorychannel-webhook - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - # For manipulating certs into secrets. - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" - - "create" - - "update" - - "list" - - "watch" - - "patch" - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.inmemorychannel.eventing.knative.dev - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: inmemorychannel-webhook - namespace: knative-eventing - sideEffects: None - failurePolicy: Fail - name: validation.inmemorychannel.eventing.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: inmemorychannel-webhook-certs - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/5-mt-channel-broker.yaml deleted file mode 100644 index 2f6d116f1d..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/5-mt-channel-broker.yaml +++ /dev/null @@ -1,657 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - # Configs resources and status we care about. - - apiGroups: - - "" - resources: - - "namespaces/finalizers" - verbs: - - "update" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - triggers - - triggers/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - - apiGroups: - - eventing.knative.dev - resources: - - brokers - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - "configmaps" - verbs: - - get - - list - - watch - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: eventing-mt-channel-broker-controller - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: eventing-controller - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-channel-broker-controller - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-filter - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-filter - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-filter - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-mt-broker-ingress - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: mt-broker-ingress - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-mt-broker-ingress - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-filter - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: filter - template: - metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-filter - enableServiceLinks: false - containers: - - name: filter - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:882dfb9035b03665d92c259848a276ebd12a31a640b50e0fab5bb0a5056db22c - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: filter - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: FILTER_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: filter - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: broker-filter - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: filter - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-ingress - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - eventing.knative.dev/brokerRole: ingress - template: - metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - serviceAccountName: mt-broker-ingress - enableServiceLinks: false - containers: - - name: ingress - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:0a3373093d134ac62d0db95bc0b5da35174d179a85e6f49e51d0eff18ba64a5b - readinessProbe: &probe - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - !!merge <<: *probe - initialDelaySeconds: 5 - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CONTAINER_NAME - value: ingress - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/eventing - - name: INGRESS_PORT - value: "8080" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault ---- -apiVersion: v1 -kind: Service -metadata: - labels: - eventing.knative.dev/brokerRole: ingress - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - name: broker-ingress - namespace: knative-eventing -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: http-metrics - port: 9092 - protocol: TCP - targetPort: 9092 - selector: - eventing.knative.dev/brokerRole: ingress - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mt-broker-controller - namespace: knative-eventing - labels: - app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - selector: - matchLabels: - app: mt-broker-controller - template: - metadata: - labels: - app: mt-broker-controller - app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: mt-broker-controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: eventing-controller - enableServiceLinks: false - containers: - - name: mt-broker-controller - terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:22d2662661b6cef8052cec0c95ac43fa26fa84fa71cc184eda1bdd389353beb6 - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/eventing - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-ingress-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-ingress - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: broker-filter-hpa - namespace: knative-eventing - labels: - app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: mt-broker-filter - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.5/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.10.5/6-eventing-post-install.yaml deleted file mode 100644 index bedb633a05..0000000000 --- a/cmd/operator/kodata/knative-eventing/1.10.5/6-eventing-post-install.yaml +++ /dev/null @@ -1,226 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -rules: - # Storage version upgrader needs to be able to patch CRDs. - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - # Our own resources we care about. - - apiGroups: - - "sources.knative.dev" - resources: - - "apiserversources" - - "apiserversources/finalizers" - - "apiserversources/status" - - "containersources" - - "containersources/finalizers" - - "containersources/status" - - "pingsources" - - "pingsources/finalizers" - - "pingsources/status" - - "sinkbindings" - - "sinkbindings/finalizers" - - "sinkbindings/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "eventing.knative.dev" - resources: - - "brokers" - - "brokers/finalizers" - - "brokers/status" - - "eventtypes" - - "eventtypes/finalizers" - - "eventtypes/status" - - "triggers" - - "triggers/finalizers" - - "triggers/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "messaging.knative.dev" - resources: - - "channels" - - "channels/finalizers" - - "channels/status" - - "inmemorychannels" - - "inmemorychannels/finalizers" - - "inmemorychannels/status" - - "subscriptions" - - "subscriptions/finalizers" - - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "flows.knative.dev" - resources: - - "parallels" - - "parallels/finalizers" - - "parallels/status" - - "sequences" - - "sequences/finalizers" - - "sequences/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-eventing -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-eventing- - namespace: knative-eventing - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.5" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration-eventing" - app.kubernetes.io/name: knative-eventing - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.5" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:5de8f929e176b8f4e0b581183e40f1eb4023128476eb77603a759b82b7beb54d - args: - - "apiserversources.sources.knative.dev" - - "brokers.eventing.knative.dev" - - "channels.messaging.knative.dev" - - "containersources.sources.knative.dev" - - "eventtypes.eventing.knative.dev" - - "inmemorychannels.messaging.knative.dev" - - "parallels.flows.knative.dev" - - "pingsources.sources.knative.dev" - - "sequences.flows.knative.dev" - - "sinkbindings.sources.knative.dev" - - "subscriptions.messaging.knative.dev" - - "triggers.eventing.knative.dev" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-eventing/1.10.2/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/1-eventing-crds.yaml similarity index 65% rename from cmd/operator/kodata/knative-eventing/1.10.2/1-eventing-crds.yaml rename to cmd/operator/kodata/knative-eventing/1.14.0/1-eventing-crds.yaml index 4d3602e6bd..daba666f12 100644 --- a/cmd/operator/kodata/knative-eventing/1.10.2/1-eventing-crds.yaml +++ b/cmd/operator/kodata/knative-eventing/1.14.0/1-eventing-crds.yaml @@ -20,18 +20,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: @@ -136,6 +154,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string namespaceSelector: description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. type: object @@ -168,6 +192,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -214,6 +245,12 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string namespaces: description: Namespaces show the namespaces currently watched by the ApiServerSource type: array @@ -264,7 +301,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -332,6 +369,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -345,8 +388,28 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -381,6 +444,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -435,7 +504,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -514,6 +583,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -567,24 +642,67 @@ spec: description: Generation of the origin of the subscriber with uid:UID. type: integer format: int64 + name: + description: The name of the subscription + type: string replyUri: description: ReplyURI is the endpoint for the reply type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string status: description: Status represents the current state of the Channel. This data may be out of date. type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -651,6 +769,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -674,6 +798,13 @@ spec: uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string names: kind: Channel plural: channels @@ -709,7 +840,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -759,6 +890,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object @@ -771,6 +908,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -817,6 +961,12 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -860,12 +1010,123 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - - name: v1beta1 + - name: v1beta3 + served: false + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 served: true storage: true subresources: @@ -873,7 +1134,7 @@ spec: schema: openAPIV3Schema: type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' + description: 'EventType represents a type of event that can be consumed from a resource.' properties: spec: description: 'Spec defines the desired state of the EventType.' @@ -881,6 +1142,22 @@ spec: properties: broker: type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string description: description: 'Description is an optional field used to describe the EventType, in any meaningful way.' type: string @@ -945,19 +1222,138 @@ spec: - name: Schema type: string jsonPath: ".spec.schema" - - name: Broker + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind type: string - jsonPath: ".spec.broker" + jsonPath: ".spec.reference.kind" - name: Description type: string jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema names: kind: EventType plural: eventtypes @@ -967,6 +1363,14 @@ spec: - knative - eventing scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing --- # Copyright 2020 The Knative Authors @@ -989,7 +1393,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1028,7 +1432,7 @@ spec: deadLetterSink: description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object - properties: &addressableProperties + properties: ref: description: Ref points to an Addressable. type: object @@ -1048,6 +1452,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1057,17 +1467,89 @@ spec: description: Filter is the expression guarding the branch type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string reply: description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subscriber: description: Subscriber receiving the event when the filter passes type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string channelTemplate: description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object @@ -1086,20 +1568,72 @@ spec: description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: description: Status represents the current state of the Parallel. This data may be out of date. type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string branchStatuses: description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. type: array @@ -1109,11 +1643,11 @@ spec: filterChannelStatus: description: FilterChannelStatus corresponds to the filter channel status. type: object - properties: &channelProperties + properties: channel: description: Channel is the reference to the underlying channel. type: object - properties: &referentProperties + properties: apiVersion: description: API version of the referent. type: string @@ -1139,7 +1673,7 @@ spec: description: ReadyCondition indicates whether the Channel is ready or not. type: object x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties + properties: message: description: A human readable message indicating details about the transition. type: string @@ -1163,12 +1697,46 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string subscriberSubscriptionStatus: description: SubscriptionStatus corresponds to the subscriber subscription status. type: object @@ -1177,24 +1745,116 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array items: type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string ingressChannelStatus: description: IngressChannelStatus corresponds to the ingress channel status. type: object properties: - !!merge <<: *channelProperties + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -1244,22 +1904,24 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: group: sources.knative.dev versions: - - &version - name: v1beta2 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -1316,6 +1978,12 @@ spec: uri: description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string timezone: description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' type: string @@ -1327,6 +1995,13 @@ spec: description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' type: array @@ -1373,6 +2048,12 @@ spec: sinkUri: description: 'SinkURI is the current active sink URI that has been configured for the Source.' type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -1389,10 +2070,162 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 + - name: v1beta2 served: true - storage: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" # v1 schema is identical to the v1beta2 schema names: categories: @@ -1433,7 +2266,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1489,6 +2322,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string steps: description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options type: array @@ -1528,6 +2367,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1552,19 +2397,53 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string channelStatuses: description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. type: array @@ -1754,7 +2633,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -1804,6 +2683,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subject: description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object @@ -1852,6 +2737,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -1898,6 +2790,15 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -1942,7 +2843,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -1961,7 +2862,7 @@ spec: type: object properties: channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' type: object properties: apiVersion: @@ -1973,6 +2874,9 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery: description: Delivery configuration @@ -2007,6 +2911,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2035,6 +2945,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subscriber: description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object @@ -2059,6 +2975,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: type: object properties: @@ -2066,6 +2988,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -2104,12 +3033,30 @@ spec: deadLetterSinkUri: description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string replyUri: description: ReplyURI is the fully resolved URI for the spec.reply. type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string additionalPrinterColumns: - name: Age type: date @@ -2153,7 +3100,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.2" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2192,6 +3139,22 @@ spec: broker: description: Broker is the broker that this trigger receives events from. type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string delivery: description: Delivery contains the delivery spec for this specific trigger. type: object @@ -2226,6 +3189,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2261,6 +3230,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object @@ -2269,6 +3244,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -2299,6 +3281,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -2306,6 +3294,12 @@ spec: subscriberUri: description: SubscriberURI is the resolved URI of the receiver for this Trigger. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string names: kind: Trigger plural: triggers diff --git a/cmd/operator/kodata/knative-eventing/1.10.4/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/2-eventing-core.yaml similarity index 72% rename from cmd/operator/kodata/knative-eventing/1.10.4/2-eventing-core.yaml rename to cmd/operator/kodata/knative-eventing/1.14.0/2-eventing-core.yaml index 2072628e4b..634b6ddc9d 100644 --- a/cmd/operator/kodata/knative-eventing/1.10.4/2-eventing-core.yaml +++ b/cmd/operator/kodata/knative-eventing/1.14.0/2-eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- @@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -144,7 +144,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -152,7 +152,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -184,7 +184,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -192,7 +192,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -209,7 +209,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -225,7 +225,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -241,7 +241,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -273,7 +273,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | @@ -301,7 +301,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -338,7 +338,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -371,10 +371,9 @@ kind: ConfigMap metadata: name: config-ping-defaults namespace: knative-eventing - labels: annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: _example: | @@ -420,7 +419,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. @@ -435,13 +434,22 @@ data: # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI # For more details: https://github.com/knative/eventing/issues/5593 kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field + # BETA feature: The new-trigger-filters flag allows you to use the new `filters` field # in Trigger objects with its rich filtering capabilities. # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" + new-trigger-filters: "enabled" # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. # For more details: https://github.com/knative/eventing/issues/5957 transport-encryption: "disabled" + # ALPHA feature: The eventtype-auto-create flag allows automatic creation of Even Type instances based on Event's type being processed. + # For more details: https://github.com/knative/eventing/issues/6909 + eventtype-auto-create: "disabled" + # ALPHA feature: The aauthentication-oidc flag allows you to use OIDC authentication for Eventing. + # For more details: https://github.com/knative/eventing/issues/7174 + authentication-oidc: "disabled" + # ALPHA feature: The cross-namespace-event-links flag allows you to use cross-namespace referencing for Eventing. + # For more details: https://github.com/knative/eventing/issues/7739 + cross-namespace-event-links: "disabled" --- # Copyright 2021 The Knative Authors @@ -512,7 +520,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -575,7 +583,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase @@ -628,7 +636,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -702,7 +710,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -761,7 +769,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -818,7 +826,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: @@ -829,7 +837,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -847,7 +855,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:f495fd0d887d762b41939f86a1f4b6d7a4cd70676360f93b11d9a1468abf92f0 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:1128802374bc637ee112c99197fdf9fcab2c277dd099a18bebf44b60987167b2 resources: requests: cpu: 100m @@ -865,7 +873,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:03711b8ce889f4bb1077f9604a36325e9b27e60bc74146ae7a5c6adce703e1d6 + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:028bfb89cb7376a8140f8b96acb91a56e1302f9a80cf0b5c6c6b9f904d52379d - name: POD_NAME valueFrom: fieldRef: @@ -935,21 +943,22 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. replicas: 0 selector: - matchLabels: &labels + matchLabels: eventing.knative.dev/source: ping-source-controller sources.knative.dev/role: adapter template: metadata: labels: - !!merge <<: *labels + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -957,13 +966,15 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter topologyKey: kubernetes.io/hostname weight: 100 enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:ede8d0e9657a5ac4ebaa18565009d5fcf6cbfe6ac921cd4b4557ec6ddcadd073 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:94490342d5d36236e103f2b703e295e6c36a2829e9e9a033411e7f37e1340052 env: - name: SYSTEM_NAMESPACE value: '' @@ -1037,7 +1048,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -1062,7 +1073,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% @@ -1092,19 +1103,20 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: app: eventing-webhook role: eventing-webhook template: metadata: labels: - !!merge <<: *labels + app: eventing-webhook + role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1124,7 +1136,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:6b1171d4e1b29202162a656d66eab75391cf79b25c2a3ce3237fc0443c29c220 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:974d97db4f9030a3f0e4981d4d896f65abcba406dcd6c5cd4110f1a47a199e92 resources: requests: # taken from serving. @@ -1176,7 +1188,7 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - readinessProbe: &probe + readinessProbe: periodSeconds: 1 httpGet: scheme: HTTPS @@ -1185,7 +1197,13 @@ spec: - name: k-kubelet-probe value: "webhook" livenessProbe: - !!merge <<: *probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" initialDelaySeconds: 120 # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently # high value that we respect whatever value it has configured for the lame duck grace period. @@ -1197,7 +1215,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing @@ -1232,18 +1250,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: @@ -1348,6 +1384,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string namespaceSelector: description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. type: object @@ -1380,6 +1422,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -1426,6 +1475,12 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string namespaces: description: Namespaces show the namespaces currently watched by the ApiServerSource type: array @@ -1476,7 +1531,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1544,6 +1599,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1557,8 +1618,28 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1593,6 +1674,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -1647,7 +1734,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -1726,6 +1813,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1779,24 +1872,67 @@ spec: description: Generation of the origin of the subscriber with uid:UID. type: integer format: int64 + name: + description: The name of the subscription + type: string replyUri: description: ReplyURI is the endpoint for the reply type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string status: description: Status represents the current state of the Channel. This data may be out of date. type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1863,6 +1999,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -1886,6 +2028,13 @@ spec: uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string names: kind: Channel plural: channels @@ -1921,7 +2070,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -1971,6 +2120,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object @@ -1983,6 +2138,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -2029,6 +2191,12 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -2072,12 +2240,123 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - - name: v1beta1 + - name: v1beta3 + served: false + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 served: true storage: true subresources: @@ -2085,7 +2364,7 @@ spec: schema: openAPIV3Schema: type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' + description: 'EventType represents a type of event that can be consumed from a resource.' properties: spec: description: 'Spec defines the desired state of the EventType.' @@ -2093,6 +2372,22 @@ spec: properties: broker: type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string description: description: 'Description is an optional field used to describe the EventType, in any meaningful way.' type: string @@ -2157,110 +2452,243 @@ spec: - name: Schema type: string jsonPath: ".spec.schema" - - name: Broker + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind type: string - jsonPath: ".spec.broker" + jsonPath: ".spec.reference.kind" - name: Description type: string jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-eventing -spec: - group: flows.knative.dev - versions: - - name: v1 + - name: v1beta1 served: true - storage: true + storage: false subresources: status: {} schema: openAPIV3Schema: - description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' type: object + description: 'EventType represents a type of event that can be consumed from a resource.' properties: spec: - description: Spec defines the desired state of the Parallel. + description: 'Spec defines the desired state of the EventType.' type: object properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: &addressableProperties - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.14.0" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Parallel. + type: object + properties: + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 @@ -2269,17 +2697,89 @@ spec: description: Filter is the expression guarding the branch type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string reply: description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subscriber: description: Subscriber receiving the event when the filter passes type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string channelTemplate: description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object @@ -2298,20 +2798,72 @@ spec: description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: description: Status represents the current state of the Parallel. This data may be out of date. type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string branchStatuses: description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. type: array @@ -2321,11 +2873,11 @@ spec: filterChannelStatus: description: FilterChannelStatus corresponds to the filter channel status. type: object - properties: &channelProperties + properties: channel: description: Channel is the reference to the underlying channel. type: object - properties: &referentProperties + properties: apiVersion: description: API version of the referent. type: string @@ -2351,7 +2903,7 @@ spec: description: ReadyCondition indicates whether the Channel is ready or not. type: object x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties + properties: message: description: A human readable message indicating details about the transition. type: string @@ -2375,12 +2927,46 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string subscriberSubscriptionStatus: description: SubscriptionStatus corresponds to the subscriber subscription status. type: object @@ -2389,24 +2975,116 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array items: type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string ingressChannelStatus: description: IngressChannelStatus corresponds to the ingress channel status. type: object properties: - !!merge <<: *channelProperties + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -2456,20 +3134,173 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: group: sources.knative.dev versions: - - &version - name: v1beta2 + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1beta2 served: true storage: false subresources: @@ -2528,6 +3359,12 @@ spec: uri: description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string timezone: description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' type: string @@ -2539,6 +3376,13 @@ spec: description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' type: array @@ -2585,6 +3429,12 @@ spec: sinkUri: description: 'SinkURI is the current active sink URI that has been configured for the Source.' type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -2601,10 +3451,11 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1 - served: true - storage: true + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" # v1 schema is identical to the v1beta2 schema names: categories: @@ -2645,7 +3496,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2701,6 +3552,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string steps: description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options type: array @@ -2740,6 +3597,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2764,19 +3627,53 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string channelStatuses: description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. type: array @@ -2966,7 +3863,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -3016,6 +3913,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subject: description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object @@ -3064,6 +3967,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -3110,6 +4020,15 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -3154,7 +4073,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3173,7 +4092,7 @@ spec: type: object properties: channel: - description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' type: object properties: apiVersion: @@ -3185,6 +4104,9 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery: description: Delivery configuration @@ -3219,6 +4141,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -3247,6 +4175,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string subscriber: description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object @@ -3271,6 +4205,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: type: object properties: @@ -3278,6 +4218,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -3316,12 +4263,30 @@ spec: deadLetterSinkUri: description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string replyUri: description: ReplyURI is the fully resolved URI for the spec.reply. type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string additionalPrinterColumns: - name: Age type: date @@ -3365,7 +4330,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3404,6 +4369,22 @@ spec: broker: description: Broker is the broker that this trigger receives events from. type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string delivery: description: Delivery contains the delivery spec for this specific trigger. type: object @@ -3438,6 +4419,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -3473,6 +4460,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object @@ -3481,6 +4474,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -3511,6 +4511,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -3518,6 +4524,12 @@ spec: subscriberUri: description: SubscriberURI is the resolved URI of the receiver for this Trigger. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string names: kind: Trigger plural: triggers @@ -3549,7 +4561,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3563,7 +4575,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3582,7 +4594,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3604,7 +4616,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3630,7 +4642,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3650,7 +4662,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3686,7 +4698,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3712,7 +4724,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3729,7 +4741,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3762,7 +4774,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3776,7 +4788,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -3815,7 +4827,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] @@ -3828,7 +4840,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -3841,7 +4853,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] @@ -3854,7 +4866,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -3867,7 +4879,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] @@ -3880,7 +4892,7 @@ metadata: name: knative-eventing-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -3893,7 +4905,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -3920,7 +4932,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3934,7 +4946,8 @@ rules: - "events" - "serviceaccounts" - "pods" - verbs: &everything + - "serviceaccounts/token" + verbs: - "get" - "list" - "create" @@ -3947,7 +4960,14 @@ rules: - "apps" resources: - "deployments" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # PingSource controller manipulates Deployment owner reference - apiGroups: - "apps" @@ -3960,7 +4980,15 @@ rules: - "rbac.authorization.k8s.io" resources: - "rolebindings" - verbs: *everything + - "roles" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Our own resources and statuses we care about. - apiGroups: - "eventing.knative.dev" @@ -3971,7 +4999,14 @@ rules: - "triggers/status" - "eventtypes" - "eventtypes/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Eventing resources and finalizers we care about. - apiGroups: - "eventing.knative.dev" @@ -3992,7 +5027,14 @@ rules: - "parallels/status" - "subscriptions" - "subscriptions/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Flow resources and statuses we care about. - apiGroups: - "flows.knative.dev" @@ -4001,7 +5043,14 @@ rules: - "sequences/status" - "parallels" - "parallels/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Messaging resources and finalizers we care about. - apiGroups: - "messaging.knative.dev" @@ -4033,7 +5082,14 @@ rules: - "coordination.k8s.io" resources: - "leases" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" --- # Copyright 2020 The Knative Authors @@ -4055,7 +5111,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4066,6 +5122,12 @@ rules: - "get" - "list" - "watch" + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" - apiGroups: - sources.knative.dev resources: @@ -4122,7 +5184,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4136,7 +5198,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: @@ -4182,7 +5244,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4196,7 +5258,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -4232,7 +5294,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4241,7 +5303,7 @@ rules: - "secrets" - "configmaps" - "services" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -4254,7 +5316,14 @@ rules: - "apps" resources: - "deployments" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Source resources and statuses we care about. - apiGroups: - "sources.knative.dev" @@ -4271,25 +5340,53 @@ rules: - "containersources" - "containersources/status" - "containersources/finalizers" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Knative Services admin - apiGroups: - serving.knative.dev resources: - services - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # EventTypes admin - apiGroups: - eventing.knative.dev resources: - eventtypes - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Events admin - apiGroups: - "" resources: - events - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Authorization checker - apiGroups: - authorization.k8s.io @@ -4318,7 +5415,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -4327,6 +5424,9 @@ rules: resources: - "configmaps" verbs: + - "create" + - "update" + - "delete" - "get" - "list" - "watch" @@ -4368,7 +5468,7 @@ rules: resources: - "mutatingwebhookconfigurations" - "validatingwebhookconfigurations" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -4383,13 +5483,27 @@ rules: - "sinkbindings" - "sinkbindings/status" - "sinkbindings/finalizers" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # For leader election - apiGroups: - "coordination.k8s.io" resources: - "leases" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # For creating events - apiGroups: - "" @@ -4401,6 +5515,38 @@ rules: - "list" - "create" - "patch" + # For the SinkBinding reconciler adding the OIDC identity service accounts + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For the SinkBinding reconciler creating the sinkbinding token secret + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Necessary for conversion webhook. These are copied from the serving # TODO: Do we really need all these permissions? - apiGroups: ["apiextensions.k8s.io"] @@ -4428,7 +5574,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -4464,7 +5610,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4477,6 +5623,9 @@ webhooks: name: config.webhook.eventing.knative.dev namespaceSelector: matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: ["knative-eventing"] timeoutSeconds: 10 --- @@ -4499,7 +5648,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4532,7 +5681,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4566,7 +5715,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # The data is populated at install time. @@ -4590,7 +5739,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/cmd/operator/kodata/knative-eventing/1.14.0/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/3-eventing-tls-networking.yaml new file mode 100644 index 0000000000..822c56960f --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.14.0/3-eventing-tls-networking.yaml @@ -0,0 +1,269 @@ +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is the issuer that every Eventing component should use to issue their server's certs. +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: knative-eventing-ca-issuer +spec: + ca: + secretName: knative-eventing-ca + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is the root issuer to bootstrap the eventing CA. +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: knative-eventing-selfsigned-issuer +spec: + selfSigned: {} +--- +# This is the Eventing CA certificate. +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: knative-eventing-selfsigned-ca + namespace: cert-manager +spec: + secretName: knative-eventing-ca + isCA: true + commonName: selfsigned-ca + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: knative-eventing-selfsigned-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: knative-eventing-bundle + namespace: knative-eventing + labels: + networking.knative.dev/trust-bundle: "true" + app.kubernetes.io/version: "1.14.0" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: trust.cert-manager.io/v1alpha1 +kind: Bundle +metadata: + name: knative-eventing-bundle # The bundle name will also be used for the target +spec: + sources: + # Include a bundle of publicly trusted certificates which can be + # used to validate most TLS certificates on the internet, such as + # those issued by Let's Encrypt, Google, Amazon and others. + - useDefaultCAs: true + # A Secret in the "trust" namespace; see "Trust Namespace" below for further details + - secret: + name: "knative-eventing-ca" + key: "tls.crt" + target: + configMap: + key: "knative-eventing-bundle.pem" + additionalFormats: + jks: + key: "knative-eventing-bundle.jks" + pkcs12: + key: "knative-eventing-bundle.p12" + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: "knative-eventing" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: imc-dispatcher-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: imc-dispatcher-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-filter-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-filter-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-ingress-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.10.3/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/4-in-memory-channel.yaml similarity index 82% rename from cmd/operator/kodata/knative-eventing/1.10.3/4-in-memory-channel.yaml rename to cmd/operator/kodata/knative-eventing/1.14.0/4-in-memory-channel.yaml index 01f809789f..c8a7834d38 100644 --- a/cmd/operator/kodata/knative-eventing/1.10.3/4-in-memory-channel.yaml +++ b/cmd/operator/kodata/knative-eventing/1.14.0/4-in-memory-channel.yaml @@ -18,7 +18,7 @@ metadata: name: imc-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,7 +26,7 @@ kind: ClusterRoleBinding metadata: name: imc-controller labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -43,7 +43,7 @@ metadata: namespace: knative-eventing name: imc-controller labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -59,7 +59,7 @@ kind: ClusterRoleBinding metadata: name: imc-controller-resolver labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -91,7 +91,7 @@ metadata: name: imc-dispatcher namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -99,7 +99,7 @@ kind: ClusterRoleBinding metadata: name: imc-dispatcher labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -109,113 +109,38 @@ roleRef: kind: ClusterRole name: imc-dispatcher apiGroup: rbac.authorization.k8s.io - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: config-imc-event-dispatcher + name: imc-dispatcher-tls-role-binding namespace: knative-eventing - labels: - app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" - +subjects: + - kind: ServiceAccount + name: imc-dispatcher + apiGroup: "" +roleRef: + kind: Role + name: imc-dispatcher-tls-role + apiGroup: rbac.authorization.k8s.io --- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: config-observability + name: imc-dispatcher-tls-role namespace: knative-eventing - labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "f46cf09d" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. If non-empty, it enables queue proxy to send request metrics. - # Currently supported values: prometheus, stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. - # Setting this flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - - # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating - # a failure to send a cloud event to the sink. - sink-event-error-reporting.enable: "false" +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch --- -# Copyright 2019 The Knative Authors +# Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -232,44 +157,15 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-tracing + name: config-imc-event-dispatcher namespace: knative-eventing labels: - knative.dev/config-propagation: original - knative.dev/config-category: eventing - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing - annotations: - knative.dev/example-checksum: "0492ceb0" data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none". the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" + MaxIdleConnections: "1000" + MaxIdleConnectionsPerHost: "100" --- # Copyright 2019 The Knative Authors @@ -294,19 +190,20 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: controller template: metadata: labels: - !!merge <<: *labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -314,14 +211,16 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: imc-controller enableServiceLinks: false containers: - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:213617878e130c6744b58a164e193780b62cb5fa638e4d9bd39e5ba1dd77b128 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:0c8628adc931aa556d12750ce3499ce0b10b84e7f5322fcd76a07d161d58b354 env: - name: WEBHOOK_NAME value: inmemorychannel-webhook @@ -338,7 +237,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1bb5bb82ed5c12a3c43bb3ec16124c98cafe8d3b9286dc80632d9e037999fadb + value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:d8baebdce96049e03a27a22534b553fbfa49825f649d44ebf43e0f5f0468379b - name: POD_NAME valueFrom: fieldRef: @@ -359,7 +258,7 @@ spec: containerPort: 8008 - name: https-webhook containerPort: 8443 - readinessProbe: &probe + readinessProbe: periodSeconds: 1 httpGet: scheme: HTTPS @@ -368,7 +267,13 @@ spec: - name: k-kubelet-probe value: "webhook" livenessProbe: - !!merge <<: *probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" initialDelaySeconds: 120 # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently # high value that we respect whatever value it has configured for the lame duck grace period. @@ -379,7 +284,7 @@ kind: Service metadata: labels: app.kubernetes.io/component: imc-controller - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: inmemorychannel-webhook namespace: knative-eventing @@ -421,7 +326,7 @@ metadata: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: dispatcher app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: @@ -432,6 +337,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https-dispatcher + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9090 targetPort: 9090 @@ -459,19 +368,20 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: dispatcher template: metadata: labels: - !!merge <<: *labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher app.kubernetes.io/component: imc-dispatcher - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -479,15 +389,17 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: imc-dispatcher enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1bb5bb82ed5c12a3c43bb3ec16124c98cafe8d3b9286dc80632d9e037999fadb - readinessProbe: &probe + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:d8baebdce96049e03a27a22534b553fbfa49825f649d44ebf43e0f5f0468379b + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -497,7 +409,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 env: - name: CONFIG_LOGGING_NAME @@ -524,6 +443,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP - containerPort: 9090 name: metrics securityContext: @@ -558,7 +480,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -610,6 +532,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -654,6 +582,12 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -663,24 +597,70 @@ spec: description: Generation of the origin of the subscriber with uid:UID. type: integer format: int64 + name: + description: The name of the subscription + type: string + namespace: + description: The namespace of the subscription + type: string replyUri: description: ReplyURI is the endpoint for the reply type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string status: description: Status represents the current state of the Channel. This data may be out of date. type: object properties: address: + description: InMemoryChannel is Addressable. It exposes the endpoint as an URI to get events delivered into the channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + audience: + type: string + addresses: + description: InMemoryChannel is Addressable. It exposes the endpoints as URIs to get events delivered into the channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -731,6 +711,12 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -754,6 +740,13 @@ spec: uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string additionalPrinterColumns: - name: URL type: string @@ -801,7 +794,7 @@ metadata: name: imc-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -836,7 +829,7 @@ metadata: name: imc-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -874,7 +867,7 @@ kind: ClusterRole metadata: name: imc-controller labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -906,7 +899,7 @@ rules: resources: - services - serviceaccounts - verbs: &everything + verbs: - get - list - watch @@ -925,12 +918,24 @@ rules: - "rbac.authorization.k8s.io" resources: - rolebindings - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - apps resources: - deployments - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - apps resources: @@ -958,14 +963,20 @@ rules: - coordination.k8s.io resources: - leases - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch # For actually registering our webhook. - apiGroups: - "admissionregistration.k8s.io" resources: - "mutatingwebhookconfigurations" - "validatingwebhookconfigurations" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -1012,7 +1023,7 @@ kind: ClusterRole metadata: name: imc-dispatcher labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -1039,6 +1050,13 @@ rules: verbs: - create - patch + # Create OIDC tokens + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create # Updates the finalizer so we can remove our handlers when channel is deleted # Patches the status.subscribers to reflect when the subscription dataplane has been # configured. @@ -1061,6 +1079,15 @@ rules: - create - update - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + - get + - list + - watch --- # Copyright 2020 The Knative Authors @@ -1083,7 +1110,7 @@ metadata: namespace: knative-eventing name: knative-inmemorychannel-webhook labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -1119,7 +1146,7 @@ kind: MutatingWebhookConfiguration metadata: name: inmemorychannel.eventing.knative.dev labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1"] @@ -1152,7 +1179,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.inmemorychannel.eventing.knative.dev labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1"] @@ -1186,7 +1213,7 @@ metadata: name: inmemorychannel-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing # The data is populated at install time. diff --git a/cmd/operator/kodata/knative-eventing/1.10.1/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/5-mt-channel-broker.yaml similarity index 73% rename from cmd/operator/kodata/knative-eventing/1.10.1/5-mt-channel-broker.yaml rename to cmd/operator/kodata/knative-eventing/1.14.0/5-mt-channel-broker.yaml index 4f368ac304..e5adb2749d 100644 --- a/cmd/operator/kodata/knative-eventing/1.10.1/5-mt-channel-broker.yaml +++ b/cmd/operator/kodata/knative-eventing/1.14.0/5-mt-channel-broker.yaml @@ -16,7 +16,7 @@ kind: ClusterRole metadata: name: knative-eventing-mt-channel-broker-controller labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: # Configs resources and status we care about. @@ -58,12 +58,14 @@ kind: ClusterRole metadata: name: knative-eventing-mt-broker-filter labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev resources: + - brokers + - brokers/status - triggers - triggers/status verbs: @@ -78,6 +80,51 @@ rules: - get - list - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create + - apiGroups: + - "eventing.knative.dev" + resources: + - "eventtypes" + verbs: + - "get" + - "list" + - "watch" + - "create" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-filter + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch --- # Copyright 2020 The Knative Authors @@ -99,7 +146,7 @@ metadata: name: mt-broker-filter namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- @@ -121,9 +168,18 @@ kind: ClusterRole metadata: name: knative-eventing-mt-broker-ingress labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + - get + - list + - watch - apiGroups: - eventing.knative.dev resources: @@ -141,6 +197,66 @@ rules: - list - watch +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-ingress + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + resourceNames: + - "mt-broker-ingress-oidc" + verbs: + - create + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-ingress-oidc + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.14.0" + app.kubernetes.io/name: knative-eventing + --- # Copyright 2020 The Knative Authors # @@ -161,7 +277,7 @@ metadata: name: mt-broker-ingress namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- @@ -184,7 +300,7 @@ kind: ClusterRoleBinding metadata: name: eventing-mt-channel-broker-controller labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -215,7 +331,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-filter labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -226,6 +342,35 @@ roleRef: name: knative-eventing-mt-broker-filter apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-filter + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-filter + apiGroup: rbac.authorization.k8s.io + --- # Copyright 2020 The Knative Authors # @@ -246,7 +391,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-ingress labels: - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -257,6 +402,34 @@ roleRef: name: knative-eventing-mt-broker-ingress apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-ingress + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + --- # Copyright 2020 The Knative Authors # @@ -279,7 +452,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: @@ -290,7 +463,7 @@ spec: labels: eventing.knative.dev/brokerRole: filter app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-filter @@ -298,8 +471,8 @@ spec: containers: - name: filter terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:29bd9f43359153c0ea39cf382d5f25ca43f55abbbce3d802ca37cc4d5c4a6942 - readinessProbe: &probe + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:3f2516ed4cb0e18ce8c841a7f508f6ad62eb09b27b5c81fe9760ee31c4658c6f + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -309,7 +482,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 resources: requests: @@ -319,6 +499,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP - containerPort: 9092 name: metrics protocol: TCP @@ -348,6 +531,8 @@ spec: value: knative.dev/internal/eventing - name: FILTER_PORT value: "8080" + - name: FILTER_PORT_HTTPS + value: "8443" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -364,7 +549,7 @@ metadata: labels: eventing.knative.dev/brokerRole: filter app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: broker-filter namespace: knative-eventing @@ -374,6 +559,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9092 protocol: TCP @@ -403,7 +592,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: @@ -414,7 +603,7 @@ spec: labels: eventing.knative.dev/brokerRole: ingress app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-ingress @@ -422,8 +611,8 @@ spec: containers: - name: ingress terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:7f3b05f6e0abae19e9438fac44dd9938ddd2293014ef0fb8d388450c9ff63000 - readinessProbe: &probe + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:17814ae8f86fa4b3671f7a4176f788cdd215eceba0899a2b2bd7e9471b7c3050 + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -433,7 +622,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 resources: requests: @@ -443,6 +639,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP - containerPort: 9092 name: metrics protocol: TCP @@ -472,6 +671,8 @@ spec: value: knative.dev/internal/eventing - name: INGRESS_PORT value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -488,7 +689,7 @@ metadata: labels: eventing.knative.dev/brokerRole: ingress app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing name: broker-ingress namespace: knative-eventing @@ -498,6 +699,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9092 protocol: TCP @@ -527,7 +732,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: selector: @@ -538,7 +743,7 @@ spec: labels: app: mt-broker-controller app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -556,7 +761,7 @@ spec: containers: - name: mt-broker-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:4040ffc2d34e950b7969b4ba90cec29e65e506126ddb195faf3a56cb2fa653e8 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:85d185a37d7016a2ff48d563e4f2d60a0e31936e3b4c5b23c8e139b96fc12044 resources: requests: cpu: 100m @@ -613,7 +818,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -637,7 +842,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "1.10.1" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: diff --git a/cmd/operator/kodata/knative-eventing/1.10.0/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.14.0/6-eventing-post-install.yaml similarity index 95% rename from cmd/operator/kodata/knative-eventing/1.10.0/6-eventing-post-install.yaml rename to cmd/operator/kodata/knative-eventing/1.14.0/6-eventing-post-install.yaml index 3da4ce05b4..965bc852ff 100644 --- a/cmd/operator/kodata/knative-eventing/1.10.0/6-eventing-post-install.yaml +++ b/cmd/operator/kodata/knative-eventing/1.14.0/6-eventing-post-install.yaml @@ -17,7 +17,7 @@ kind: ClusterRole metadata: name: knative-eventing-post-install-job-role labels: - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing rules: # Storage version upgrader needs to be able to patch CRDs. @@ -138,7 +138,7 @@ metadata: name: knative-eventing-post-install-job namespace: knative-eventing labels: - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -146,7 +146,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-post-install-job-role-binding labels: - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -181,7 +181,7 @@ metadata: app: "storage-version-migration-eventing" app.kubernetes.io/name: knative-eventing app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.14.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -191,7 +191,7 @@ spec: app: "storage-version-migration-eventing" app.kubernetes.io/name: knative-eventing app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.14.0" annotations: sidecar.istio.io/inject: "false" spec: @@ -199,7 +199,7 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:8c291d300a65f5ec87200766341240fa67da1aba9df6431161f56b0e1920f934 + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:2afdbb002ac8b1a3f8cb072f09b6488fa37f9a33cea484c31fc74bb7e364591b args: - "apiserversources.sources.knative.dev" - "brokers.eventing.knative.dev" diff --git a/cmd/operator/kodata/knative-serving/1.10.0/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.0/1-serving-crds.yaml deleted file mode 100644 index 0396022eb4..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.0/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.0/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.0/2-serving-core.yaml deleted file mode 100644 index 2969d4a96a..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.0/2-serving-core.yaml +++ /dev/null @@ -1,7203 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:05f7dabe3447d22099172c17c0903cdcbc7c386cc32aa871ae49f22e8f3e85d7 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:05f7dabe3447d22099172c17c0903cdcbc7c386cc32aa871ae49f22e8f3e85d7 - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.0" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c129149520cbe84b676d26c08787b471a8c81c5439118f2eb936bdc942836830 - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:b30009e0d9eb80b2e288145580b2854715b611622907eab14c89d6d4b71a37af - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:0763e6f5fe14db808dad883ef0c7ef8640227e9bedec744be7db514d6cba0da1 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:0831d24d3b7150893b2fba3899c9d6b6f0bad79123681ad4e3d14c1359bb23e2 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:50df310c19bc7c98ea4705a4b909482abafb1a3bb7ec2e26ef61cbd742afa297 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:a43a7bf3a2d2a62782fe802dcd3ba287fb277a0d8274e5a6aef1bba9d09a0dd6 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.0" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.0/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.0/3-serving-hpa.yaml deleted file mode 100644 index dd3fde18a4..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.0/3-serving-hpa.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:c059477149b577037fb522ea789efbf30781c81b2d01e0acfbf04d694bc8145c - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.0" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.0/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.0/4-serving-post-install-jobs.yaml deleted file mode 100644 index c96a02513d..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.0/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.MG2c4DLV/tmp.tCtzJkR9pm/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.0" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.0" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:bdd19753c0b218e20092db3710ed7e61f4c86b049df8c10353d9cf4a2c179894 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.1/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.1/1-serving-crds.yaml deleted file mode 100644 index 7a19c7f046..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.1/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.1/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.1/2-serving-core.yaml deleted file mode 100644 index 1606244420..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.1/2-serving-core.yaml +++ /dev/null @@ -1,7203 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:65c427aaab3be9cea1afea32cdef26d5855c69403077d2dc3439f75c26a1e83f - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:65c427aaab3be9cea1afea32cdef26d5855c69403077d2dc3439f75c26a1e83f - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.1" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:94c5485571765baf653d9632b1cbe6809d49e69fc48af035244ae4f02aa0089a - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:7664ca7ba1709e3051413ac86c6724ce08a320682be976dd444ac72e6a18398f - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:179f6e09b36b986cbfe14203497f493c122aeaa8585f937229c59462edf93f62 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:f6a587a294102705d9d2275b28fe2f3b75c08bc162bc84af8dbe099cde9ddf91 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:f5a0ce2cc4ffd0181a7a8cd8df7d9ac364bc8813997eb6e68b3a386f53e7be31 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:ce5f0144cf58b25fcf4027f69b7a0d616c7b72e7ff4e2a133a04a2b3c35fd7da - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.1" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.1/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.1/3-serving-hpa.yaml deleted file mode 100644 index 86ff720e20..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.1/3-serving-hpa.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:7a676b90da7b699f789c6f14e823779f244a6aa5e7002dfc00db63a2af3c21dd - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.1" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.1/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.1/4-serving-post-install-jobs.yaml deleted file mode 100644 index cee6c1fa3c..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.1/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.S9rYBnJi/tmp.WR2RWVfZnE/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.1" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.1" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:bc91e1fdaf3b67876ca33de1ce15b1268ed0ca8da203102b7699286fae97cf58 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.2/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.2/1-serving-crds.yaml deleted file mode 100644 index 24cec2af2d..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.2/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.2/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.2/2-serving-core.yaml deleted file mode 100644 index f1e8e3ff21..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.2/2-serving-core.yaml +++ /dev/null @@ -1,7191 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:dabaecec38860ca4c972e6821d5dc825549faf50c6feb8feb4c04802f2338b8a - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:dabaecec38860ca4c972e6821d5dc825549faf50c6feb8feb4c04802f2338b8a - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.2" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c2994c2b6c2c7f38ad1b85c71789bf1753cc8979926423c83231e62258837cb9 - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:8319aa662b4912e8175018bd7cc90c63838562a27515197b803bdcd5634c7007 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:98a2cc7fd62ee95e137116504e7166c32c65efef42c3d1454630780410abf943 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:f66c41ad7a73f5d4f4bdfec4294d5459c477f09f3ce52934d1a215e32316b59b - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:7368aaddf2be8d8784dc7195f5bc272ecfe49d429697f48de0ddc44f278167aa - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:4305209ce498caf783f39c8f3e85dfa635ece6947033bf50b0b627983fd65953 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.2" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.2/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.2/3-serving-hpa.yaml deleted file mode 100644 index 0c22487728..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.2/3-serving-hpa.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:eb612b929eaa57ef1573a04035a8d06c9ed88fd56e741c56bd909f5f49e4d732 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.2" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.2/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.2/4-serving-post-install-jobs.yaml deleted file mode 100644 index 0764f9e59e..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.2/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.WoFOdcMk/tmp.7RdGDTrwpe/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.2" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.2" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:bc91e1fdaf3b67876ca33de1ce15b1268ed0ca8da203102b7699286fae97cf58 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.3/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.3/1-serving-crds.yaml deleted file mode 100644 index 2725ddb625..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.3/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.3/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.3/2-serving-core.yaml deleted file mode 100644 index fadca903cc..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.3/2-serving-core.yaml +++ /dev/null @@ -1,7191 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:5834a2bd1efffa566b31c53e332a8e8a0682ab39057f222c50add15a5a7d2666 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:5834a2bd1efffa566b31c53e332a8e8a0682ab39057f222c50add15a5a7d2666 - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.3" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:56eb3c91757755661a273fd93c1206f89d85de6bf35433a9ac2549519998c7ff - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:940b61ad7eb1c39d132b99b9653fc74f1db9c5c4c670f084cd3eb49fb4f0744f - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:0c457f019d08815faec70571cbcf2c5be2d4aa88a5a9c57316e21095c55f315d - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:af4b97b8cd5966bc1707b99239062bf65db983e8be8ce03b3c42a781a07d5a58 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:24487db5e99598c12dfc76338d5325807c66cf8b6419e584454caedc010681f5 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:88909e3318a73dbb14036424c24710f37ed1ff7fd82dbd79ac9ad602296b4fc9 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.3" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.3/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.3/3-serving-hpa.yaml deleted file mode 100644 index fd7ab1a875..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.3/3-serving-hpa.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:8ceafac5542a75246d3566535a9c6e2b692c7d88d06c806a6f95aa6da9fd25ec - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.3" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.4/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.4/1-serving-crds.yaml deleted file mode 100644 index ea6ee1f89e..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.4/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.4/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.4/2-serving-core.yaml deleted file mode 100644 index 78976c77db..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.4/2-serving-core.yaml +++ /dev/null @@ -1,7191 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:298cae811495970a09a36f420205fb37af3be3f6d927d96176b5fafd5e7daccb - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:298cae811495970a09a36f420205fb37af3be3f6d927d96176b5fafd5e7daccb - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.4" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c897abce2062a9fb4d59379cab84a7691ac743b5ddc3f0eb5676e5cb0c64afeb - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:eab96a85604170c27846519f9ae16b115aa5ef7169d440591e6b71011961b3dd - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:76d05c6a3927add949d54edc5a633a3aaeb01794c755bc0cee7c4651ad41a37e - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:cc9c8c15f6f4767b6f84f6ab9a69c1996a36a16769406dbc9810f0dd20557f8c - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:de341b257b21f033fd3534bd46f22acb354d31054a01ee3edb86c79423df74a6 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:f19babdc636bbeed43138f1b668df827daf8c575189caadabd898b20ac72f9c8 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.4" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.4/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.4/4-serving-post-install-jobs.yaml deleted file mode 100644 index 98ad7e7627..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.4/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.P2Oar7UR/tmp.XAnekri9V0/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.4" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.4" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ff9f64fe6ed97b42d207042f227d5807d50ac5a082d2ea77a4bc0df59e522fb4 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.5/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.5/1-serving-crds.yaml deleted file mode 100644 index daa667e871..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.5/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.5/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.10.5/2-serving-core.yaml deleted file mode 100644 index 05c1137e2a..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.5/2-serving-core.yaml +++ /dev/null @@ -1,7191 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). - name: knative-serving-aggregated-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -aggregationRule: - clusterRoleSelectors: - - matchLabels: - duck.knative.dev/addressable: "true" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["update"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-addressable-resolver - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-aggregated-addressable-resolver - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - app.kubernetes.io/component: queue-proxy - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:f27169aef65817a7caa38d603355e66971bb9cb4647e115a4a346d635bff5475 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "47c2487f" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "211" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, - # the Knative Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # min-scale is the cluster-wide default value for the min scale of a revision, - # unless overridden by the "autoscaling.knative.dev/minScale" annotation. - min-scale: "0" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "e7973912" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-response-start-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while waiting to - # receive any bytes from the user's application, if none is specified. - # - # This defaults to 'revision-timeout-seconds' - revision-response-start-timeout-seconds: "300" - - # revision-idle-timeout-seconds contains the default number of - # seconds a request will be allowed to stay open while not receiving any - # bytes from the user's application, if none is specified. - revision-idle-timeout-seconds: "0" # infinite - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # init-container-name-template contains a template for the default - # init container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - init-container-name-template: "init-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "410041a0" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:f27169aef65817a7caa38d603355e66971bb9cb4647e115a4a346d635bff5475 - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - - # Maximum time allowed for an image's digests to be resolved. - digest-resolution-timeout: "10s" - - # Duration we wait for the deployment to be ready before considering it failed. - progress-deadline: "600s" - - # Sets the queue proxy's CPU request. - # If omitted, a default value (currently "25m"), is used. - queue-sidecar-cpu-request: "25m" - - # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-cpu-limit: "1000m" - - # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-request: "400Mi" - - # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-memory-limit: "800Mi" - - # Sets the queue proxy's ephemeral storage request. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-request: "512Mi" - - # Sets the queue proxy's ephemeral storage limit. - # If omitted, no value is specified and the system default is used. - queue-sidecar-ephemeral-storage-limit: "1024Mi" - - # Sets tokens associated with specific audiences for queue proxy - used by QPOptions - # - # For example, to add the `service-x` audience: - # queue-sidecar-token-audiences: "service-x" - # Also supports a list of audiences, for example: - # queue-sidecar-token-audiences: "service-x,service-y" - # If omitted, or empty, no tokens are created - queue-sidecar-token-audiences: "" - - # Sets rootCA for the queue proxy - used by QPOptions - # If omitted, or empty, no rootCA is added to the golang rootCAs - queue-sidecar-rootca: "" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "26c09de5" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "networking.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - - # These are example settings of domain. - # example.com will be used for all routes, but it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "d3565159" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default SecurityContext settings to secure-by-default values - # if unset. - # - # This value will default to "enabled" in a future release, - # probably Knative 1.10 - secure-pod-defaults: "disabled" - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes topologySpreadConstraints support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints - kubernetes.podspec-topologyspreadconstraints: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # Indicates whether Kubernetes DNSPolicy support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy - kubernetes.podspec-dnspolicy: "disabled" - - # Indicates whether Kubernetes DNSConfig support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig - kubernetes.podspec-dnsconfig: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - SeccompProfile - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # Indicates whether Kubernetes PriorityClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name - kubernetes.podspec-priorityclassname: "disabled" - - # Indicates whether Kubernetes SchedulerName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name - kubernetes.podspec-schedulername: "disabled" - - # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. - # - # When set to "enabled" or "allowed" it allows capabilities to be added to the container. - # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html - kubernetes.containerspec-addcapabilities: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - - # Controls whether volume support for EmptyDir is enabled or not. - # 1. Enabled: enabling EmptyDir volume support - # 2. Disabled: disabling EmptyDir volume support - kubernetes.podspec-volumes-emptydir: "enabled" - - # Controls whether init containers support is enabled or not. - # 1. Enabled: enabling init containers support - # 2. Disabled: disabling init containers support - kubernetes.podspec-init-containers: "disabled" - - # Controls whether persistent volume claim support is enabled or not. - # 1. Enabled: enabling persistent volume claim support - # 2. Disabled: disabling persistent volume claim support - kubernetes.podspec-persistent-volume-claim: "disabled" - - # Controls whether write access for persistent volumes is enabled or not. - # 1. Enabled: enabling write access for persistent volumes - # 2. Disabled: disabling write access for persistent volumes - kubernetes.podspec-persistent-volume-write: "disabled" - - # Controls if the queue proxy podInfo feature is enabled, allowed or disabled - # - # This feature should be enabled/allowed when using queue proxy Options (Extensions) - # Enabling will mount a podInfo volume to the queue proxy container. - # The volume will contains an 'annotations' file (from the pod's annotation field). - # The annotations in this file include the Service annotations set by the client creating the service. - # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations - # - # 1. "enabled": always mount a podInfo volume - # 2. "disabled": never mount a podInfo volume - # 3. "allowed": by default, do not mount a podInfo volume - # However, a client may mount the podInfo volume on an individual Service by attaching - # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". - # - # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE - queueproxy.mount-podinfo: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "aa3813a8" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "serving.knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # max-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all garbage collection: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "f4b71f57" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/component: logging - app.kubernetes.io/name: knative-serving - annotations: - knative.dev/example-checksum: "b0f3c6f2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.net-certmanager-controller: "info" - loglevel.net-istio-controller: "info" - loglevel.net-contour-controller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "73d96d1b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress-class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress-class: "istio.ingress.networking.knative.dev" - - # certificate-class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate-class: "cert-manager.certificate.networking.knative.dev" - - # namespace-wildcard-cert-selector specifies a LabelSelector which - # determines which namespaces should have a wildcard certificate - # provisioned. - # - # Use an empty value to disable the feature (this is the default): - # namespace-wildcard-cert-selector: "" - # - # Use an empty object to enable for all namespaces - # namespace-wildcard-cert-selector: {} - # - # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. - # Use the following selector to match pre-1.0 behavior of using - # "networking.knative.dev/disableWildcardCert" to exclude namespaces: - # - # matchExpressions: - # - key: "networking.knative.dev/disableWildcardCert" - # operator: "NotIn" - # values: ["true"] - namespace-wildcard-cert-selector: "" - - # domain-template specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tag-template: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - auto-tls: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all - # http connections, asking the clients to use HTTPS. - # - # "Disabled" option is deprecated. - http-protocol: "Enabled" - - # rollout-duration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rollout-duration: "0" - - # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false" (the default), the cluster administrator is - # responsible for creating ClusterDomainClaims and delegating them to - # namespaces via their spec.Namespace field. This setting should be used in - # multitenant environments which need to control which namespace can use a - # particular domain name in a domain mapping. - # - # If this is "true", users are able to associate arbitrary names with their - # services via the DomainMapping feature. - autocreate-cluster-domain-claims: "false" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - - # mesh-compatibility-mode indicates whether consumers of network plugins - # should directly contact Pod IPs (most efficient), or should use the - # Cluster IP (less efficient, needed when mesh is enabled unless - # `enable-mesh-pod-addressability`, above, is set). - # Permitted values are: - # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. - # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. - # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. - mesh-compatibility-mode: "auto" - - # Defines the scheme used for external URLs if autoTLS is not enabled. - # This can be used for making Knative report all URLs as "HTTPS" for example, if you're - # fronting Knative with an external loadbalancer that deals with TLS termination and - # Knative doesn't know about that otherwise. - default-external-scheme: "http" - - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "fed4756e" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or opencensus. - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), opencensus. - metrics.request-metrics-backend-destination: prometheus - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.5" - annotations: - knative.dev/example-checksum: "26614636" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "none" (default) - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - labels: - app: activator - role: activator - app.kubernetes.io/component: activator - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:e07f7aeeef1b0559e11e0f3ce81c0b7f412faabb0c346a00577785f399a0f41b - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 5 - failureThreshold: 5 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - periodSeconds: 10 - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - - name: https - port: 443 - targetPort: 8112 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:786e8f654df537cc8382892022c6c49cb92d0a514b782cbf97067d9c263e60ce - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - app.kubernetes.io/component: autoscaler - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:f693c0d53736b9c02ece191cb0aa5e86af8c59eeb0b648c0349fcb7acb9944f0 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - app.kubernetes.io/component: controller - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:c03196b569186cf96d3bb2ab3948e58e9b297d362912fc210ec24eb358abc4d6 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a03c8eb54c7ead30079c267217d911f01610e36d54c9433ec07b116ab9fa18ff - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - labels: - app: webhook - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bbb7143c00e20ba65efbc44ac2d8c7c6c3efe469ab848efbc1b9fa44d19e82fd - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.5" - app.kubernetes.io/name: knative-serving - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: webhook - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["knative-serving"] - - key: app.kubernetes.io/component - operator: In - values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - autoscaling.internal.knative.dev - - networking.internal.knative.dev - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - metrics - - podautoscalers - - certificates - - ingresses - - serverlessservices - - configurations - - revisions - - routes - - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -# The data is populated at install time. - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.5/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.5/3-serving-hpa.yaml deleted file mode 100644 index ec50030fd1..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.5/3-serving-hpa.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:1e006700a77b874fa7d6de951980929061c96449de5c71e3d07a78e187b8a8c6 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.5" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.5/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.5/4-serving-post-install-jobs.yaml deleted file mode 100644 index 05d7fe446c..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.5/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.e6esI1Gn/tmp.B4U7eWlk21/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.5" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.5" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:52fadc7843c5f31d96b83ca5b81d6e82a2fb10c82a808341fed8fea7b5b83254 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.6/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.10.6/1-serving-crds.yaml deleted file mode 100644 index 288655ad0f..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.6/1-serving-crds.yaml +++ /dev/null @@ -1,4260 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - dnsNames - - secretName - properties: - dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. - type: array - items: - type: string - domain: - description: Domain is the top level domain of the values for DNSNames. - type: string - secretName: - description: SecretName is the name of the secret resource to store the SSL certificate in. - type: string - status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. - type: array - items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. - type: object - properties: - serviceName: - description: ServiceName is the name of the service to serve HTTP01 challenge requests. - type: string - serviceNamespace: - description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. - type: string - servicePort: - description: ServicePort is the port of the service to serve HTTP01 challenge requests. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - url: - description: URL is the URL that the HTTP01 challenge is expected to serve on. - type: string - notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. - type: string - format: date-time - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec holds the desired state of the Configuration (from the client). - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - namespace - properties: - namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. - type: string - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - "schema": - "openAPIV3Schema": - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. - type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' - type: string - rules: - description: A list of host rules used to configure the Ingress. - type: array - items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. - type: object - properties: - hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' - type: array - items: - type: string - http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. - type: object - required: - - paths - properties: - paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." - type: array - items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. - type: object - required: - - splits - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching - type: object - additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. - type: object - required: - - exact - properties: - exact: - type: string - path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. - type: string - rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." - type: string - splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. - type: array - items: - description: IngressBackendSplit describes all endpoints for a given service and port. - type: object - required: - - serviceName - - serviceNamespace - - servicePort - properties: - appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." - type: object - additionalProperties: - type: string - percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." - type: integer - serviceName: - description: Specifies the name of the referenced service. - type: string - serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." - type: string - servicePort: - description: Specifies the port of the referenced service. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. - type: string - tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' - type: array - items: - description: IngressTLS describes the transport layer security associated with an Ingress. - type: object - properties: - hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to terminate SSL traffic. - type: string - secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. - type: string - status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateLoadBalancer: - description: PrivateLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - publicLoadBalancer: - description: PublicLoadBalancer contains the current status of the load-balancer. - type: object - properties: - ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - type: array - items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' - type: object - properties: - domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) - type: string - domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." - type: string - ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) - type: string - meshOnly: - description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. - type: boolean - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: Metric represents a resource to configure the metric collector with. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Metric (from the client). - type: object - required: - - panicWindow - - scrapeTarget - - stableWindow - properties: - panicWindow: - description: PanicWindow is the aggregation window for metrics where quick reactions are needed. - type: integer - format: int64 - scrapeTarget: - description: ScrapeTarget is the K8s service that publishes the metric endpoint. - type: string - stableWindow: - description: StableWindow is the aggregation window for metrics in a stable state. - type: integer - format: int64 - status: - description: Status communicates the observed state of the Metric (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the PodAutoscaler (from the client). - type: object - required: - - protocolType - - scaleTargetRef - properties: - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. - type: integer - format: int64 - protocolType: - description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. - type: string - reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` - type: string - scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - x-kubernetes-map-type: atomic - status: - description: Status communicates the observed state of the PodAutoscaler (from the controller). - type: object - required: - - metricsServiceName - - serviceName - properties: - actualScale: - description: ActualScale shows the actual number of replicas for the revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - desiredScale: - description: DesiredScale shows the current desired number of replicas for the revision. - type: integer - format: int32 - metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - name: Actual Replicas - type: integer - jsonPath: ".status.actualReplicas" - - name: Desired Replicas - type: integer - jsonPath: ".status.desiredReplicas" - schema: - openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - status: - description: RevisionStatus communicates the observed state of the Revision (from the controller). - type: object - properties: - actualReplicas: - description: ActualReplicas reflects the amount of ready pods running this revision. - type: integer - format: int32 - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - desiredReplicas: - description: DesiredReplicas reflects the desired amount of pods running this revision. - type: integer - format: int32 - initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' - type: array - items: - description: ContainerStatus holds the information of container name and image digest value - type: object - properties: - imageDigest: - type: string - name: - type: string - logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Route (from the client). - type: object - properties: - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: Status communicates the observed state of the Route (from the controller). - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - objectRef - - protocolType - properties: - mode: - description: Mode describes the mode of operation of the ServerlessService. - type: string - numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. - type: integer - format: int32 - objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - x-kubernetes-map-type: atomic - protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. - type: string - status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. - type: string - serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). - type: string - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - schema: - openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. - type: object - properties: - template: - description: Template holds the latest specification for the Revision to be stamped out. - type: object - properties: - metadata: - type: object - properties: - annotations: - type: object - additionalProperties: - type: string - finalizers: - type: array - items: - type: string - labels: - type: object - additionalProperties: - type: string - name: - type: string - namespace: - type: string - x-kubernetes-preserve-unknown-fields: true - spec: - description: RevisionSpec holds the desired state of the Revision (from the client). - type: object - required: - - containers - properties: - affinity: - description: This is accessible behind a feature flag - kubernetes.podspec-affinity - type: object - x-kubernetes-preserve-unknown-fields: true - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. - type: integer - format: int64 - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - properties: - args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig - type: object - x-kubernetes-preserve-unknown-fields: true - dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - type: boolean - hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases - type: object - x-kubernetes-preserve-unknown-fields: true - idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. - type: integer - format: int64 - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-init-containers - type: object - x-kubernetes-preserve-unknown-fields: true - nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector - type: object - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-map-type: atomic - priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname - type: string - x-kubernetes-preserve-unknown-fields: true - responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. - type: integer - format: int64 - runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname - type: string - x-kubernetes-preserve-unknown-fields: true - schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername - type: string - x-kubernetes-preserve-unknown-fields: true - securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. - type: integer - format: int64 - tolerations: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations - type: object - x-kubernetes-preserve-unknown-fields: true - topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: array - items: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints - type: object - x-kubernetes-preserve-unknown-fields: true - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - configMap: - description: configMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim - type: object - x-kubernetes-preserve-unknown-fields: true - projected: - description: projected items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: sources is the list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: configMap information about the configMap data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its keys must be defined - type: boolean - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secret: - description: secret information about the secret data to project - type: object - properties: - items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional field specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: path is the path relative to the mount point of the file to project the token into. - type: string - secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: optional field specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - status: - description: ServiceStatus represents the Status stanza of the Service resource. - type: object - properties: - address: - description: Address holds the information needed for a Route to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. - type: string - latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. - type: array - items: - description: TrafficTarget holds a single entry of the routing table for a Route. - type: object - properties: - configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. - type: string - latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. - type: boolean - percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' - type: integer - format: int64 - revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. - type: string - tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. - type: string - url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) - type: string - url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} - type: string - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Image (from the client). - type: object - required: - - image - properties: - image: - description: Image is the name of the container image url to cache across the cluster. - type: string - imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - status: - description: Status communicates the observed state of the Image (from the controller). - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.6/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.10.6/3-serving-hpa.yaml deleted file mode 100644 index 4e0f2c04b3..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.6/3-serving-hpa.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler-hpa - namespace: knative-serving - labels: - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -spec: - selector: - matchLabels: - app: autoscaler-hpa - template: - metadata: - labels: - app: autoscaler-hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler-hpa - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler-hpa - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:cc88ad26363c327a14112bffcf1bb9a550ac342fc8f9839e6ead34a1400851e5 - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 5 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler-hpa - autoscaling.knative.dev/autoscaler-provider: hpa - app.kubernetes.io/component: autoscaler-hpa - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - name: autoscaler-hpa - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: autoscaler-hpa - ---- diff --git a/cmd/operator/kodata/knative-serving/1.10.6/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.10.6/4-serving-post-install-jobs.yaml deleted file mode 100644 index 03090efdcc..0000000000 --- a/cmd/operator/kodata/knative-serving/1.10.6/4-serving-post-install-jobs.yaml +++ /dev/null @@ -1,70 +0,0 @@ - ---- -# /tmp/knative.6oPL7DIf/tmp.d2WjSNiKhk/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - generateName: storage-version-migration-serving- - namespace: knative-serving - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.6" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: storage-version-migration-serving - app.kubernetes.io/name: knative-serving - app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.6" - spec: - serviceAccountName: controller - restartPolicy: OnFailure - containers: - - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:055b1d79e4083c01e2c31d76a37cc315ec6e858f14ebad7d6fa3392c17b2d189 - args: - - "services.serving.knative.dev" - - "configurations.serving.knative.dev" - - "revisions.serving.knative.dev" - - "routes.serving.knative.dev" - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ---- diff --git a/cmd/operator/kodata/knative-serving/1.14.0/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.14.0/1-serving-crds.yaml new file mode 100644 index 0000000000..b909a50142 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.14.0/1-serving-crds.yaml @@ -0,0 +1,6143 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - dnsNames + - secretName + properties: + dnsNames: + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + type: array + items: + type: string + domain: + description: Domain is the top level domain of the values for DNSNames. + type: string + secretName: + description: SecretName is the name of the secret resource to store the SSL certificate in. + type: string + status: + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + http01Challenges: + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. + type: array + items: + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. + type: object + properties: + serviceName: + description: ServiceName is the name of the service to serve HTTP01 challenge requests. + type: string + serviceNamespace: + description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. + type: string + servicePort: + description: ServicePort is the port of the service to serve HTTP01 challenge requests. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + url: + description: URL is the URL that the HTTP01 challenge is expected to serve on. + type: string + notAfter: + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + resourceFieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + type: boolean + hostAliases: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + x-kubernetes-map-type: atomic + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + priorityClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + x-kubernetes-preserve-unknown-fields: true + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + x-kubernetes-preserve-unknown-fields: true + schedulerName: + description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + x-kubernetes-preserve-unknown-fields: true + securityContext: + description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + emptyDir: + description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: sources is the list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - namespace + properties: + namespace: + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. + type: string + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - ref + properties: + ref: + description: |- + Ref specifies the target of the Domain Mapping. + + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + httpOption: + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` + type: string + rules: + description: A list of host rules used to configure the Ingress. + type: array + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + type: object + properties: + hosts: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. + type: array + items: + type: string + http: + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. + type: object + required: + - paths + properties: + paths: + description: |- + A collection of paths that map requests to backends. + + + If they are multiple matching paths, the first match takes precedence. + type: array + items: + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. + type: object + required: + - splits + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + headers: + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching + type: object + additionalProperties: + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. + type: object + required: + - exact + properties: + exact: + type: string + path: + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. + type: string + rewriteHost: + description: |- + RewriteHost rewrites the incoming request's host header. + + + This field is currently experimental and not supported by all Ingress + implementations. + type: string + splits: + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. + type: array + items: + description: IngressBackendSplit describes all endpoints for a given service and port. + type: object + required: + - serviceName + - serviceNamespace + - servicePort + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + percent: + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + + NOTE: This differs from K8s Ingress to allow percentage split. + type: integer + serviceName: + description: Specifies the name of the referenced service. + type: string + serviceNamespace: + description: |- + Specifies the namespace of the referenced service. + + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. + type: string + servicePort: + description: Specifies the port of the referenced service. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + visibility: + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. + type: string + tls: + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + type: array + items: + description: IngressTLS describes the transport layer security associated with an Ingress. + type: object + properties: + hosts: + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + type: array + items: + type: string + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. + type: string + status: + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateLoadBalancer: + description: PrivateLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + publicLoadBalancer: + description: PublicLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + x-kubernetes-map-type: atomic + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + serviceName: + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: K8s Service Name + type: string + jsonPath: ".status.serviceName" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + resourceFieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + type: boolean + hostAliases: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + x-kubernetes-map-type: atomic + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + priorityClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + x-kubernetes-preserve-unknown-fields: true + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + x-kubernetes-preserve-unknown-fields: true + schedulerName: + description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + x-kubernetes-preserve-unknown-fields: true + securityContext: + description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + emptyDir: + description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: sources is the list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - objectRef + - protocolType + properties: + mode: + description: Mode describes the mode of operation of the ServerlessService. + type: string + numActivators: + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. + type: integer + format: int32 + objectRef: + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + x-kubernetes-map-type: atomic + protocolType: + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. + type: string + status: + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateServiceName: + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. + type: string + serviceName: + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). + type: string + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + resourceFieldRef: + description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + type: boolean + hostAliases: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + x-kubernetes-map-type: atomic + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + priorityClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + x-kubernetes-preserve-unknown-fields: true + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + x-kubernetes-preserve-unknown-fields: true + schedulerName: + description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + x-kubernetes-preserve-unknown-fields: true + securityContext: + description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + emptyDir: + description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: sources is the list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Image (from the client). + type: object + required: + - image + properties: + image: + description: Image is the name of the container image url to cache across the cluster. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + x-kubernetes-map-type: atomic + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + status: + description: Status communicates the observed state of the Image (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image + +--- diff --git a/cmd/operator/kodata/knative-serving/1.10.6/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.14.0/2-serving-core.yaml similarity index 56% rename from cmd/operator/kodata/knative-serving/1.10.6/2-serving-core.yaml rename to cmd/operator/kodata/knative-serving/1.14.0/2-serving-core.yaml index 20f7201442..f2d75aeb9a 100644 --- a/cmd/operator/kodata/knative-serving/1.10.6/2-serving-core.yaml +++ b/cmd/operator/kodata/knative-serving/1.14.0/2-serving-core.yaml @@ -18,7 +18,56 @@ metadata: name: knative-serving labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.14.0" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + resourceNames: ["routing-serving-certs", "knative-serving-certs"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator-cluster + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.14.0" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["revisions"] + verbs: ["get", "list", "watch"] --- # Copyright 2019 The Knative Authors @@ -43,7 +92,7 @@ metadata: # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving aggregationRule: clusterRoleSelectors: @@ -55,7 +104,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" @@ -94,7 +143,7 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] @@ -110,7 +159,7 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] @@ -126,7 +175,7 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] @@ -154,7 +203,7 @@ metadata: name: knative-serving-core labels: serving.knative.dev/controller: "true" - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -208,7 +257,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" @@ -247,7 +296,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -255,7 +304,7 @@ metadata: name: knative-serving-admin labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -268,7 +317,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" subjects: - kind: ServiceAccount name: controller @@ -285,7 +334,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" subjects: - kind: ServiceAccount name: controller @@ -294,6 +343,51 @@ roleRef: kind: ClusterRole name: knative-serving-aggregated-addressable-resolver apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: Role + name: knative-serving-activator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-activator-cluster + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.14.0" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-activator-cluster + apiGroup: rbac.authorization.k8s.io --- # Copyright 2018 The Knative Authors @@ -316,7 +410,7 @@ metadata: name: images.caching.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev @@ -336,14 +430,25 @@ spec: status: {} schema: openAPIV3Schema: - description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached. + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -357,25 +462,40 @@ spec: description: Image is the name of the container image url to cache across the cluster. type: string imagePullSecrets: - description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container. + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string x-kubernetes-map-type: atomic serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account type: string status: description: Status communicates the observed state of the Image (from the controller). type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -383,14 +503,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -399,7 +524,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -408,7 +535,9 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 additionalPrinterColumns: @@ -416,6 +545,22 @@ spec: type: string jsonPath: .spec.image +--- +apiVersion: networking.internal.knative.dev/v1alpha1 +kind: Certificate +metadata: + annotations: + networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev + labels: + networking.knative.dev/certificate-type: system-internal + name: routing-serving-certs + namespace: knative-serving +spec: + dnsNames: + - kn-routing + - data-plane.knative.dev # for reverse-compatibility with net-* implementations that do not work with multi-SANs + secretName: routing-serving-certs + --- # Copyright 2020 The Knative Authors # @@ -438,7 +583,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -450,26 +595,42 @@ spec: status: {} schema: openAPIV3Schema: - description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate). + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - dnsNames - secretName properties: dnsNames: - description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. type: array items: type: string @@ -480,11 +641,17 @@ spec: description: SecretName is the name of the secret resource to store the SSL certificate in. type: string status: - description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -492,14 +659,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -508,7 +680,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -517,10 +691,14 @@ spec: description: Type of condition. type: string http01Challenges: - description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate.. + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. type: array items: - description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill. + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. type: object properties: serviceName: @@ -539,11 +717,15 @@ spec: description: URL is the URL that the HTTP01 challenge is expected to serve on. type: string notAfter: - description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName. + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. type: string format: date-time observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 additionalPrinterColumns: @@ -587,7 +769,7 @@ metadata: name: configurations.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -625,14 +807,28 @@ spec: jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: - description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -678,28 +874,54 @@ spec: description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. type: boolean containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. type: integer format: int64 containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. type: array items: description: A single application container that you want to run within a pod. type: object properties: args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string env: - description: List of environment variables to set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. type: array items: description: EnvVar represents an environment variable present in a Container. @@ -711,7 +933,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot be used if value is not empty. @@ -727,7 +958,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -753,14 +987,23 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined type: boolean x-kubernetes-map-type: atomic envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. type: array items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -771,7 +1014,10 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -785,20 +1031,36 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined type: boolean x-kubernetes-map-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -806,20 +1068,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string httpGet: description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -832,7 +1121,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -841,16 +1132,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -858,7 +1156,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -869,20 +1169,36 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. type: array items: description: ContainerPort represents a network port in a single container. @@ -891,14 +1207,21 @@ spec: - containerPort properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. type: integer format: int32 name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string default: TCP x-kubernetes-list-map-keys: @@ -906,7 +1229,11 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -914,20 +1241,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string httpGet: description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -940,7 +1294,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -949,16 +1305,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -966,7 +1329,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -977,21 +1342,59 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -1000,7 +1403,11 @@ spec: - type: string x-kubernetes-int-or-string: true requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -1009,14 +1416,27 @@ spec: - type: string x-kubernetes-int-or-string: true securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ type: object properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. type: object properties: add: @@ -1032,39 +1452,89 @@ spec: description: Capability represent POSIX capabilities type type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. type: object required: - type properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. type: array items: description: VolumeMount describes a mounting of a Volume within a container. @@ -1074,19 +1544,29 @@ spec: - name properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string dnsConfig: description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig @@ -1106,22 +1586,46 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. type: integer format: int64 imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string x-kubernetes-map-type: atomic initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers @@ -1137,7 +1641,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. type: integer format: int64 runtimeClassName: @@ -1153,10 +1660,19 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. type: integer format: int64 tolerations: @@ -1174,7 +1690,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes type: array items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -1187,11 +1705,25 @@ spec: type: object properties: defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -1204,14 +1736,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -1222,7 +1767,10 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim @@ -1233,7 +1781,13 @@ spec: type: object properties: defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 sources: @@ -1248,7 +1802,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -1261,14 +1822,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -1301,14 +1875,22 @@ spec: type: string x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. type: object required: - resource @@ -1332,7 +1914,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -1345,14 +1934,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the Secret or its key must be defined @@ -1365,25 +1967,53 @@ spec: - path properties: audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. type: integer format: int64 path: - description: path is the path relative to the mount point of the file to project the token into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: object properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -1396,24 +2026,40 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string optional: description: optional field specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string status: description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -1421,14 +2067,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -1437,7 +2088,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -1446,13 +2099,19 @@ spec: description: Type of condition. type: string latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. type: string latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 @@ -1478,7 +2137,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1494,21 +2153,34 @@ spec: type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - namespace properties: namespace: - description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name. + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. type: string names: kind: ClusterDomainClaim @@ -1542,14 +2214,14 @@ metadata: name: domainmappings.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev versions: - name: v1beta1 served: true - storage: false + storage: true subresources: status: {} additionalPrinterColumns: @@ -1568,21 +2240,43 @@ spec: type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - ref properties: ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + description: |- + Ref specifies the target of the Domain Mapping. + + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. type: object required: - kind @@ -1595,16 +2289,25 @@ spec: description: API version of the referent. type: string group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. type: string tls: description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. @@ -1616,7 +2319,9 @@ spec: description: SecretName is the name of the existing secret used to terminate TLS traffic. type: string status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: address: @@ -1624,121 +2329,12 @@ spec: type: object properties: CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. - type: string - name: - description: Name is the name of the address. - type: string - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - additionalProperties: - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - url: - description: URL is the URL of this DomainMapping. - type: string - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: DomainMapping is a mapping from a custom hostname to an Addressable. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - ref - properties: - ref: - description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." - type: object - required: - - kind - - name - properties: - address: - description: Address points to a specific Address Name. - type: string - apiVersion: - description: API version of the referent. - type: string - group: - description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - tls: - description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. - type: object - required: - - secretName - properties: - secretName: - description: SecretName is the name of the existing secret used to terminate TLS traffic. + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. type: string - status: - description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - address: - description: Address holds the information needed for a DomainMapping to be the target of an event. - type: object - properties: - CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + audience: + description: Audience is the OIDC audience for this address. type: string name: description: Name is the name of the address. @@ -1746,7 +2342,11 @@ spec: url: type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -1754,14 +2354,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -1770,7 +2375,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -1779,22 +2386,14 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 url: description: URL is the URL of this DomainMapping. type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: kind: DomainMapping plural: domainmappings @@ -1829,7 +2428,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1841,61 +2440,116 @@ spec: status: {} schema: openAPIV3Schema: - description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications." + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: httpOption: - description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`' + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` type: string rules: description: A list of host rules used to configure the Ingress. type: array items: - description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. type: object properties: hosts: - description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.' + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. type: array items: type: string http: - description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. type: object required: - paths properties: paths: - description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence." + description: |- + A collection of paths that map requests to backends. + + + If they are multiple matching paths, the first match takes precedence. type: array items: - description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend. + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. type: object required: - splits properties: appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + + NOTE: This differs from K8s Ingress which doesn't allow header appending. type: object additionalProperties: type: string headers: - description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching type: object additionalProperties: - description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported. + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. type: object required: - exact @@ -1903,13 +2557,25 @@ spec: exact: type: string path: - description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend. + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. type: string rewriteHost: - description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations." + description: |- + RewriteHost rewrites the incoming request's host header. + + + This field is currently experimental and not supported by all Ingress + implementations. type: string splits: - description: Splits defines the referenced service endpoints to which the traffic will be forwarded to. + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. type: array items: description: IngressBackendSplit describes all endpoints for a given service and port. @@ -1920,18 +2586,32 @@ spec: - servicePort properties: appendHeaders: - description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending." + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + + NOTE: This differs from K8s Ingress which doesn't allow header appending. type: object additionalProperties: type: string percent: - description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split." + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + + NOTE: This differs from K8s Ingress to allow percentage split. type: integer serviceName: description: Specifies the name of the referenced service. type: string serviceNamespace: - description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces." + description: |- + Specifies the namespace of the referenced service. + + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. type: string servicePort: description: Specifies the port of the referenced service. @@ -1940,17 +2620,28 @@ spec: - type: string x-kubernetes-int-or-string: true visibility: - description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`. + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. type: string tls: - description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.' + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. type: array items: description: IngressTLS describes the transport layer security associated with an Ingress. type: object properties: hosts: - description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. type: array items: type: string @@ -1958,14 +2649,24 @@ spec: description: SecretName is the name of the secret used to terminate SSL traffic. type: string secretNamespace: - description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported. + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. type: string status: - description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -1973,14 +2674,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -1989,7 +2695,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -1998,7 +2706,9 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 privateLoadBalancer: @@ -2006,20 +2716,33 @@ spec: type: object properties: ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. type: array items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. type: object properties: domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) type: string domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. type: string ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) type: string meshOnly: description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. @@ -2029,20 +2752,33 @@ spec: type: object properties: ingress: - description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. type: array items: - description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. type: object properties: domain: - description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) type: string domainInternal: - description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh." + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. type: string ip: - description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) type: string meshOnly: description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. @@ -2089,7 +2825,7 @@ metadata: name: metrics.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -2120,10 +2856,19 @@ spec: type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2151,7 +2896,11 @@ spec: type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -2159,14 +2908,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -2175,7 +2929,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -2184,7 +2940,9 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 @@ -2211,7 +2969,7 @@ metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -2247,14 +3005,27 @@ spec: jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: - description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit' + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2266,27 +3037,38 @@ spec: - scaleTargetRef properties: containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. type: integer format: int64 protocolType: description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. type: string reachability: - description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` type: string scaleTargetRef: - description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. type: object properties: apiVersion: description: API version of the referent. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string x-kubernetes-map-type: atomic status: @@ -2301,7 +3083,11 @@ spec: type: integer format: int32 annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -2309,14 +3095,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -2325,7 +3116,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -2338,14 +3131,20 @@ spec: type: integer format: int32 metricsServiceName: - description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 serviceName: - description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. type: string --- @@ -2371,7 +3170,7 @@ metadata: name: revisions.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -2416,14 +3215,29 @@ spec: jsonPath: ".status.desiredReplicas" schema: openAPIV3Schema: - description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2441,28 +3255,54 @@ spec: description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. type: boolean containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. type: integer format: int64 containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. type: array items: description: A single application container that you want to run within a pod. type: object properties: args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string env: - description: List of environment variables to set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. type: array items: description: EnvVar represents an environment variable present in a Container. @@ -2474,7 +3314,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot be used if value is not empty. @@ -2490,7 +3339,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -2516,14 +3368,23 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined type: boolean x-kubernetes-map-type: atomic envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. type: array items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -2534,7 +3395,10 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -2548,20 +3412,36 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined type: boolean x-kubernetes-map-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -2569,20 +3449,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string httpGet: description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -2595,7 +3502,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2604,16 +3513,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -2621,7 +3537,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -2632,20 +3550,36 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. type: array items: description: ContainerPort represents a network port in a single container. @@ -2654,14 +3588,21 @@ spec: - containerPort properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. type: integer format: int32 name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string default: TCP x-kubernetes-list-map-keys: @@ -2669,7 +3610,11 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -2677,20 +3622,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + httpGet: + description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -2703,7 +3675,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2712,16 +3686,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -2729,7 +3710,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -2740,21 +3723,59 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -2763,7 +3784,11 @@ spec: - type: string x-kubernetes-int-or-string: true requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -2772,14 +3797,27 @@ spec: - type: string x-kubernetes-int-or-string: true securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ type: object properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. type: object properties: add: @@ -2795,39 +3833,89 @@ spec: description: Capability represent POSIX capabilities type type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. type: object required: - type properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. type: array items: description: VolumeMount describes a mounting of a Volume within a container. @@ -2837,19 +3925,29 @@ spec: - name properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string dnsConfig: description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig @@ -2869,22 +3967,46 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. type: integer format: int64 imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string x-kubernetes-map-type: atomic initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers @@ -2900,7 +4022,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. type: integer format: int64 runtimeClassName: @@ -2916,10 +4041,19 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. type: integer format: int64 tolerations: @@ -2937,7 +4071,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes type: array items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -2950,11 +4086,25 @@ spec: type: object properties: defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -2967,14 +4117,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -2985,7 +4148,10 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim @@ -2996,7 +4162,13 @@ spec: type: object properties: defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 sources: @@ -3011,7 +4183,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -3024,14 +4203,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -3064,14 +4256,22 @@ spec: type: string x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. type: object required: - resource @@ -3095,7 +4295,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -3108,14 +4315,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the Secret or its key must be defined @@ -3128,25 +4348,53 @@ spec: - path properties: audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. type: integer format: int64 path: - description: path is the path relative to the mount point of the file to project the token into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: object properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -3159,17 +4407,29 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string optional: description: optional field specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string status: description: RevisionStatus communicates the observed state of the Revision (from the controller). @@ -3180,7 +4440,11 @@ spec: type: integer format: int32 annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -3188,14 +4452,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -3204,7 +4473,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -3213,7 +4484,13 @@ spec: description: Type of condition. type: string containerStatuses: - description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests type: array items: description: ContainerStatus holds the information of container name and image digest value @@ -3228,7 +4505,13 @@ spec: type: integer format: int32 initContainerStatuses: - description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests type: array items: description: ContainerStatus holds the information of container name and image digest value @@ -3239,10 +4522,14 @@ spec: name: type: string logUrl: - description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 @@ -3269,7 +4556,7 @@ metadata: name: routes.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -3303,14 +4590,29 @@ spec: jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: - description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3319,30 +4621,57 @@ spec: type: object properties: traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. type: array items: description: TrafficTarget holds a single entry of the routing table for a Route. type: object properties: configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. type: string latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. type: boolean percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration type: integer format: int64 revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. type: string tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. type: string url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) type: string status: description: Status communicates the observed state of the Route (from the controller). @@ -3353,7 +4682,12 @@ spec: type: object properties: CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. type: string name: description: Name is the name of the address. @@ -3361,7 +4695,11 @@ spec: url: type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -3369,14 +4707,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -3385,7 +4728,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -3394,37 +4739,70 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. type: array items: description: TrafficTarget holds a single entry of the routing table for a Route. type: object properties: configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. type: string latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. type: boolean percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration type: integer format: int64 revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. type: string tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. type: string url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) type: string url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} type: string --- @@ -3449,7 +4827,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -3461,19 +4839,34 @@ spec: status: {} schema: openAPIV3Schema: - description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.' + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - objectRef @@ -3483,44 +4876,75 @@ spec: description: Mode describes the mode of operation of the ServerlessService. type: string numActivators: - description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all. + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. type: integer format: int32 objectRef: - description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless". + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". type: object properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string x-kubernetes-map-type: atomic protocolType: - description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string. + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. type: string status: - description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -3528,14 +4952,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -3544,7 +4973,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -3553,14 +4984,20 @@ spec: description: Type of condition. type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 privateServiceName: - description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision. + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. type: string serviceName: - description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision). + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). type: string additionalPrinterColumns: - name: Mode @@ -3615,7 +5052,7 @@ metadata: name: services.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" @@ -3657,19 +5094,49 @@ spec: jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: - description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service type: object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. type: object properties: template: @@ -3710,28 +5177,54 @@ spec: description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. type: boolean containerConcurrency: - description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. type: integer format: int64 containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. type: array items: description: A single application container that you want to run within a pod. type: object properties: args: - description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string command: - description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell type: array items: type: string env: - description: List of environment variables to set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. type: array items: description: EnvVar represents an environment variable present in a Container. @@ -3743,7 +5236,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot be used if value is not empty. @@ -3759,7 +5261,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -3785,14 +5290,23 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined type: boolean x-kubernetes-map-type: atomic envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. type: array items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -3803,7 +5317,10 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -3817,20 +5334,36 @@ spec: type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined type: boolean x-kubernetes-map-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -3838,20 +5371,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string httpGet: description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -3864,7 +5424,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3873,16 +5435,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -3890,7 +5459,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -3901,20 +5472,36 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. type: array items: description: ContainerPort represents a network port in a single container. @@ -3923,14 +5510,21 @@ spec: - containerPort properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. type: integer format: int32 name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string default: TCP x-kubernetes-list-map-keys: @@ -3938,7 +5532,11 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: object properties: exec: @@ -3946,20 +5544,47 @@ spec: type: object properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. type: array items: type: string failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. type: integer format: int32 + grpc: + description: GRPC specifies an action involving a GRPC port. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string httpGet: description: HTTPGet specifies the http request to perform. type: object properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. @@ -3972,7 +5597,9 @@ spec: - value properties: name: - description: The header field name + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3981,16 +5608,23 @@ spec: description: Path to access on the HTTP server. type: string port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 periodSeconds: @@ -3998,7 +5632,9 @@ spec: type: integer format: int32 successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. type: integer format: int32 tcpSocket: @@ -4009,21 +5645,59 @@ spec: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. anyOf: - type: integer - type: string x-kubernetes-int-or-string: true timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes type: integer format: int32 resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -4032,7 +5706,11 @@ spec: - type: string x-kubernetes-int-or-string: true requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object additionalProperties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ @@ -4041,14 +5719,27 @@ spec: - type: string x-kubernetes-int-or-string: true securityContext: - description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ type: object properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. type: object properties: add: @@ -4064,39 +5755,89 @@ spec: description: Capability represent POSIX capabilities type type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. type: object required: - type properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. type: array items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4106,19 +5847,29 @@ spec: - name properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string dnsConfig: description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig @@ -4138,22 +5889,46 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: - description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided. + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. type: integer format: int64 imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string x-kubernetes-map-type: atomic initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers @@ -4169,7 +5944,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: - description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic. + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. type: integer format: int64 runtimeClassName: @@ -4185,10 +5963,19 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string + shareProcessNamespace: + description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + type: boolean + x-kubernetes-preserve-unknown-fields: true timeoutSeconds: - description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided. + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. type: integer format: int64 tolerations: @@ -4206,7 +5993,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes type: array items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -4219,11 +6008,25 @@ spec: type: object properties: defaultMode: - description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -4236,14 +6039,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -4254,7 +6070,10 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true name: - description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim @@ -4265,7 +6084,13 @@ spec: type: object properties: defaultMode: - description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 sources: @@ -4280,7 +6105,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -4293,14 +6125,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its keys must be defined @@ -4333,14 +6178,22 @@ spec: type: string x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. type: object required: - resource @@ -4364,7 +6217,14 @@ spec: type: object properties: items: - description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -4377,14 +6237,27 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the Secret or its key must be defined @@ -4397,25 +6270,53 @@ spec: - path properties: audience: - description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. type: integer format: int64 path: - description: path is the path relative to the mount point of the file to project the token into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string secret: - description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: object properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 items: - description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. type: array items: description: Maps a string key to a path within a volume. @@ -4428,43 +6329,82 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. type: integer format: int32 path: - description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string optional: description: optional field specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string traffic: - description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. type: array items: description: TrafficTarget holds a single entry of the routing table for a Route. type: object properties: configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. type: string latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. type: boolean percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration type: integer format: int64 revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. type: string tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. type: string url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) type: string status: description: ServiceStatus represents the Status stanza of the Service resource. @@ -4475,7 +6415,12 @@ spec: type: object properties: CACerts: - description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. type: string name: description: Name is the name of the address. @@ -4483,7 +6428,11 @@ spec: url: type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. type: object additionalProperties: type: string @@ -4491,14 +6440,19 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties type: object required: - status - type properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. @@ -4507,7 +6461,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -4516,106 +6472,82 @@ spec: description: Type of condition. type: string latestCreatedRevisionName: - description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. type: string latestReadyRevisionName: - description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. type: integer format: int64 traffic: - description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. type: array items: description: TrafficTarget holds a single entry of the routing table for a Route. type: object properties: configurationName: - description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. type: string latestRevision: - description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. type: boolean percent: - description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration type: integer format: int64 revisionName: - description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. type: string tag: - description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. type: string url: - description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) type: string url: - description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} type: string ---- -# Copyright 2022 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - # Do not drop -ctrl-ca suffix as control-protocol requires it. - # https://github.com/knative-sandbox/control-protocol/blob/main/pkg/certificates/reconciler/controller.go - name: serving-certs-ctrl-ca - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: knative-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: control-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "control-plane" - networking.internal.knative.dev/certificate-uid: "serving-certs" - -# The data is populated when internal-encryption is enabled. ---- -apiVersion: v1 -kind: Secret -metadata: - name: routing-serving-certs - namespace: knative-serving - labels: - serving-certs-ctrl: "data-plane-routing" - routing-id: "0" - networking.internal.knative.dev/certificate-uid: "serving-certs" -# The data is populated when internal-encryption is enabled. - --- # Copyright 2018 The Knative Authors # @@ -4639,11 +6571,11 @@ metadata: labels: app.kubernetes.io/component: queue-proxy app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:235423c2c0b8bd2ca264afa3acd102a071ad2bff509efe43cb508f759c0c98d8 + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a2d67c5fba7f9f1c84329833be1a7b7d824b3d6f954c9efcb0ddb061cd00521c --- # Copyright 2018 The Knative Authors @@ -4668,7 +6600,7 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: knative.dev/example-checksum: "47c2487f" data: @@ -4879,9 +6811,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: - knative.dev/example-checksum: "e7973912" + knative.dev/example-checksum: "5b64ff5c" data: _example: | ################################ @@ -4909,7 +6841,7 @@ data: # This value must be greater than or equal to revision-timeout-seconds. # If omitted, the system default is used (600 seconds). # - # If this value is increased, the activator's terminationGraceTimeSeconds + # If this value is increased, the activator's terminationGracePeriodSeconds # should also be increased to prevent in-flight requests being disrupted. max-revision-timeout-seconds: "600" # 10 minutes @@ -5034,13 +6966,13 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: - knative.dev/example-checksum: "410041a0" + knative.dev/example-checksum: "ed77183a" data: # This is the Go import path for the binary that is containerized # and substituted here. - queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:235423c2c0b8bd2ca264afa3acd102a071ad2bff509efe43cb508f759c0c98d8 + queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a2d67c5fba7f9f1c84329833be1a7b7d824b3d6f954c9efcb0ddb061cd00521c _example: |- ################################ # # @@ -5071,15 +7003,18 @@ data: queue-sidecar-cpu-request: "25m" # Sets the queue proxy's CPU limit. - # If omitted, no value is specified and the system default is used. + # If omitted, a default value (currently "1000m"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. queue-sidecar-cpu-limit: "1000m" # Sets the queue proxy's memory request. - # If omitted, no value is specified and the system default is used. + # If omitted, a default value (currently "400Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. queue-sidecar-memory-request: "400Mi" # Sets the queue proxy's memory limit. - # If omitted, no value is specified and the system default is used. + # If omitted, a default value (currently "800Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. queue-sidecar-memory-limit: "800Mi" # Sets the queue proxy's ephemeral storage request. @@ -5126,7 +7061,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: knative.dev/example-checksum: "26c09de5" data: @@ -5191,9 +7126,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: - knative.dev/example-checksum: "d3565159" + knative.dev/example-checksum: "632d47dd" data: _example: |- ################################ @@ -5221,9 +7156,15 @@ data: # Indicates whether multi container support is enabled # # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-containers multi-container: "enabled" + # Indicates whether multi container probing is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-container-probing + multi-container-probing: "disabled" + # Indicates whether Kubernetes affinity support is enabled # # WARNING: Cannot safely be disabled once enabled. @@ -5297,6 +7238,12 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context kubernetes.podspec-securitycontext: "disabled" + # Indicated whether sharing the process namespace via ShareProcessNamespace pod spec is allowed. + # This can be especially useful for sharing data from images directly between sidecars + # + # See: https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-share-process-namespace + kubernetes.podspec-shareprocessnamespace: "disabled" + # Indicates whether Kubernetes PriorityClassName support is enabled # # WARNING: Cannot safely be disabled once enabled. @@ -5373,6 +7320,9 @@ data: # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE queueproxy.mount-podinfo: "disabled" + # Default queue proxy resource requests and limits to good values for most cases if set. + queueproxy.resource-defaults: "disabled" + --- # Copyright 2018 The Knative Authors # @@ -5396,7 +7346,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: knative.dev/example-checksum: "aa3813a8" data: @@ -5496,7 +7446,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: knative.dev/example-checksum: "f4b71f57" data: @@ -5556,11 +7506,11 @@ metadata: name: config-logging namespace: knative-serving labels: - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/component: logging app.kubernetes.io/name: knative-serving annotations: - knative.dev/example-checksum: "b0f3c6f2" + knative.dev/example-checksum: "53fda05f" data: _example: | ################################ @@ -5614,6 +7564,8 @@ data: loglevel.net-certmanager-controller: "info" loglevel.net-istio-controller: "info" loglevel.net-contour-controller: "info" + loglevel.net-kourier-controller: "info" + loglevel.net-gateway-api-controller: "info" --- # Copyright 2018 The Knative Authors @@ -5638,9 +7590,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: - knative.dev/example-checksum: "73d96d1b" + knative.dev/example-checksum: "0573e07d" data: _example: | ################################ @@ -5691,7 +7643,7 @@ data: # namespace-wildcard-cert-selector: {} # # Useful labels include the "kubernetes.io/metadata.name" label to - # avoid provisioning a certifcate for the "kube-system" namespaces. + # avoid provisioning a certificate for the "kube-system" namespaces. # Use the following selector to match pre-1.0 behavior of using # "networking.knative.dev/disableWildcardCert" to exclude namespaces: # @@ -5706,7 +7658,7 @@ data: # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". # # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate + # Labels, and Annotations. Name will be the result of the tag-template # below, if a tag is specified for the route. # # Changing this value might be necessary when the extra levels in @@ -5726,22 +7678,51 @@ data: # would be {Name}-{Namespace}.foo.{Domain} domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - # tagTemplate specifies the golang text template string to use + # tag-template specifies the golang text template string to use # when constructing the DNS name for "tags" within the traffic blocks # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. + # domain-template above to determine the full URL for the tag. tag-template: "{{.Tag}}-{{.Name}}" - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. + # auto-tls is deprecated and replaced by external-domain-tls auto-tls: "Disabled" + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster external domains (like: app.example.com) + # - Enabled: enables the TLS certificate provisioning feature for cluster external domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster external domains. + external-domain-tls: "Disabled" + + # Controls weather TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster local domains (like: app.namespace.svc.) + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + cluster-local-domain-tls: "Disabled" + + # internal-encryption is deprecated and replaced by system-internal-tls + internal-encryption: "false" + + # system-internal-tls controls weather TLS encryption is used for connections between + # the internal components of Knative: + # - ingress to activator + # - ingress to queue-proxy + # - activator to queue-proxy + # + # Possible values for this flag are: + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + system-internal-tls: "Disabled" + # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Redirected: The Knative ingress will send a 301 redirect for all + # It requires auto-tls to be enabled. + # - Enabled: The Knative ingress will be able to serve HTTP connection. + # - Redirected: The Knative ingress will send a 301 redirect for all # http connections, asking the clients to use HTTPS. # # "Disabled" option is deprecated. @@ -5785,22 +7766,12 @@ data: # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. mesh-compatibility-mode: "auto" - # Defines the scheme used for external URLs if autoTLS is not enabled. + # Defines the scheme used for external URLs if auto-tls is not enabled. # This can be used for making Knative report all URLs as "HTTPS" for example, if you're # fronting Knative with an external loadbalancer that deals with TLS termination and # Knative doesn't know about that otherwise. default-external-scheme: "http" - # internal-encryption indicates whether internal traffic is encrypted or not. - # If this is "true", the following traffic are encrypted: - # - ingress to activator - # - ingress to queue-proxy - # - activator to queue-proxy - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - internal-encryption: "false" - --- # Copyright 2018 The Knative Authors # @@ -5824,9 +7795,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: - knative.dev/example-checksum: "fed4756e" + knative.dev/example-checksum: "54abd711" data: _example: | ################################ @@ -5899,11 +7870,22 @@ data: # It supports either prometheus (the default) or opencensus. metrics.backend-destination: prometheus + # metrics.reporting-period-seconds specifies the global metrics reporting period for control and data plane components. + # If a zero or negative value is passed the default reporting period is used (10 secs). + # If the attribute is not specified a default value is used per metrics backend. + # For the prometheus backend the default reporting period is 5s while for opencensus it is 60s. + metrics.reporting-period-seconds: "5" + # metrics.request-metrics-backend-destination specifies the request metrics # destination. It enables queue proxy to send request metrics. # Currently supported values: prometheus (the default), opencensus. metrics.request-metrics-backend-destination: prometheus + # metrics.request-metrics-reporting-period-seconds specifies the request metrics reporting period in sec at queue proxy. + # If a zero or negative value is passed the default reporting period is used (10 secs). + # If the attribute is not specified, it is overridden by the value of metrics.reporting-period-seconds. + metrics.request-metrics-reporting-period-seconds: "5" + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from # the pods via an HTTP server in the format expected by the pprof visualization tool. When # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. @@ -5933,7 +7915,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" annotations: knative.dev/example-checksum: "26614636" data: @@ -5990,7 +7972,7 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: minReplicas: 1 maxReplicas: 20 @@ -6018,7 +8000,7 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: minAvailable: 80% selector: @@ -6047,7 +8029,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: selector: @@ -6061,14 +8043,14 @@ spec: role: activator app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: - serviceAccountName: controller + serviceAccountName: activator containers: - name: activator # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:cf1514926bce0f3b7e3ebf7dcd6e06afab8860cb4ee7509c8595469df1b3a134 + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:aa234903dbbe93fd093f49bf16e02b8c1d68492e49344a2d8f6a7b1c0cb4fb05 # The numbers are based on performance test results from # https://github.com/knative/serving/issues/1625#issuecomment-511930023 resources: @@ -6122,17 +8104,11 @@ spec: readinessProbe: httpGet: port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" periodSeconds: 5 failureThreshold: 5 livenessProbe: httpGet: port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" periodSeconds: 10 failureThreshold: 12 initialDelaySeconds: 15 @@ -6153,7 +8129,7 @@ metadata: labels: app: activator app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: selector: @@ -6200,7 +8176,7 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: replicas: 1 selector: @@ -6216,7 +8192,7 @@ spec: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -6233,7 +8209,7 @@ spec: - name: autoscaler # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:fd4de65e03bc813714fd52cfd505807bd4dacb95c8636733b414d7b5a74028e9 + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:8d06dbb02dea9e9e53205921f2351f931d69f6fe2db40483f3055391a2b9a406 resources: requests: cpu: 100m @@ -6280,15 +8256,9 @@ spec: readinessProbe: httpGet: port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" livenessProbe: httpGet: port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" failureThreshold: 6 --- apiVersion: v1 @@ -6298,7 +8268,7 @@ metadata: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" name: autoscaler namespace: knative-serving spec: @@ -6339,7 +8309,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: selector: matchLabels: @@ -6350,7 +8320,7 @@ spec: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -6367,7 +8337,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:ab2a2f2b7ed9de56f57712a281fc49bf5da944203614cfbf411869e223b8398b + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:4983fd526025611041f53aad19f7413082c9dd929c39d3f2fdf9a11c395fec05 resources: requests: cpu: 100m @@ -6429,7 +8399,7 @@ metadata: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" name: controller namespace: knative-serving spec: @@ -6459,251 +8429,6 @@ spec: # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - labels: - app: domain-mapping - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:61bd02ca85161b01ebc7e073b29d0adab98d1bde533e46f3b32a8ba43df55a2e - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - periodSeconds: 5 - failureThreshold: 3 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - labels: - app: domainmapping-webhook - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:92fdeca65e708e70a981c99dbb63ae8c995917e5047bf76e61815dcc75db15c1 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: domainmapping-webhook - role: domainmapping-webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -6712,7 +8437,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: minReplicas: 1 maxReplicas: 5 @@ -6738,7 +8463,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" spec: minAvailable: 80% selector: @@ -6767,7 +8492,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: selector: @@ -6780,7 +8505,7 @@ spec: app: webhook role: webhook app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -6798,7 +8523,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:ac19da8b5d0e3418f216ce09ef713c2fa4eee1231a811a849dfd61587f864cdc + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:a35ba4f27cdd30312c56e83e4e98996700b04eaa33c449cae6d0344741fc7fec resources: requests: cpu: 100m @@ -6847,17 +8572,11 @@ spec: httpGet: scheme: HTTPS port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" livenessProbe: periodSeconds: 1 httpGet: scheme: HTTPS port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" failureThreshold: 6 initialDelaySeconds: 20 # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently @@ -6868,9 +8587,10 @@ apiVersion: v1 kind: Service metadata: labels: + app: webhook role: webhook app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" app.kubernetes.io/name: knative-serving name: webhook namespace: knative-serving @@ -6912,7 +8632,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6954,7 +8674,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6986,123 +8706,6 @@ webhooks: - revisions - routes - services - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings - - domainmappings/status - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -# The data is populated at install time. - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - app.kubernetes.io/component: domain-mapping - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - "*" - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - domainmappings - domainmappings/status @@ -7128,7 +8731,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -7161,6 +8764,8 @@ webhooks: - revisions - routes - services + - domainmappings + - domainmappings/status --- # Copyright 2020 The Knative Authors @@ -7185,7 +8790,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.6" + app.kubernetes.io/version: "1.14.0" # The data is populated at install time. --- diff --git a/cmd/operator/kodata/knative-serving/1.10.4/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.14.0/3-serving-hpa.yaml similarity index 94% rename from cmd/operator/kodata/knative-serving/1.10.4/3-serving-hpa.yaml rename to cmd/operator/kodata/knative-serving/1.14.0/3-serving-hpa.yaml index 9b4f5a7885..83da27b11c 100644 --- a/cmd/operator/kodata/knative-serving/1.10.4/3-serving-hpa.yaml +++ b/cmd/operator/kodata/knative-serving/1.14.0/3-serving-hpa.yaml @@ -21,7 +21,7 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" spec: selector: matchLabels: @@ -32,7 +32,7 @@ spec: app: autoscaler-hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -49,7 +49,7 @@ spec: - name: autoscaler-hpa # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:e7ef03e0307343666db567441f6da11564b7da3f98496436e9d883aca97b6c46 + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:4d90b3f67684b3d3d540202add69bb40e96cd40900742e357bd4a0e47911466d resources: requests: cpu: 30m @@ -108,7 +108,7 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.10.4" + app.kubernetes.io/version: "1.14.0" name: autoscaler-hpa namespace: knative-serving spec: diff --git a/cmd/operator/kodata/knative-serving/1.10.3/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.14.0/4-serving-post-install-jobs.yaml similarity index 87% rename from cmd/operator/kodata/knative-serving/1.10.3/4-serving-post-install-jobs.yaml rename to cmd/operator/kodata/knative-serving/1.14.0/4-serving-post-install-jobs.yaml index 15dbed349c..6ba564b4e0 100644 --- a/cmd/operator/kodata/knative-serving/1.10.3/4-serving-post-install-jobs.yaml +++ b/cmd/operator/kodata/knative-serving/1.14.0/4-serving-post-install-jobs.yaml @@ -1,6 +1,6 @@ --- -# /tmp/knative.xmQxTYdJ/tmp.sJhoRkMo6k/serving-storage-version-migration.yaml +# /tmp/knative.eZtnBuZ4/tmp.2uHySd01aO/serving-storage-version-migration.yaml # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,7 @@ metadata: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -36,7 +36,7 @@ spec: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.10.3" + app.kubernetes.io/version: "1.14.0" spec: serviceAccountName: controller restartPolicy: OnFailure @@ -44,12 +44,13 @@ spec: - name: migrate # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:d398758c97b8cf2f2bd9b92188bab1c581805bd414b1a05734c64fedb95ca0da + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:377888a0b7ba3887609cdbb1a603e67ce949203d394688826e19c81a405dc1b0 args: - "services.serving.knative.dev" - "configurations.serving.knative.dev" - "revisions.serving.knative.dev" - "routes.serving.knative.dev" + - "domainmappings.serving.knative.dev" resources: requests: cpu: 100m diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 188ae6d5bf..e823ad671d 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -22,7 +22,7 @@ source $(dirname $0)/../vendor/knative.dev/hack/codegen-library.sh # If we run with -mod=vendor here, then generate-groups.sh looks for vendor files in the wrong place. export GOFLAGS=-mod= -readonly RELEASE_VERSION="v1.13" +readonly RELEASE_VERSION="v1.14" boilerplate="${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt" diff --git a/pkg/reconciler/knativeserving/security/securityguard.go b/pkg/reconciler/knativeserving/security/securityguard.go index 4a77e0c1fd..f207e84fac 100644 --- a/pkg/reconciler/knativeserving/security/securityguard.go +++ b/pkg/reconciler/knativeserving/security/securityguard.go @@ -33,10 +33,10 @@ import ( var ( // SecurityGuardVersion is the hash map to maintain the relationship between knative version and the security guard version SecurityGuardVersion = map[string]string{ + "v1.14": "0.6", "v1.13": "0.6", "v1.12": "0.6", "v1.11": "0.6", - "v1.10": "0.6", } // QueueProxyMountPodInfoKey is the key for the QueueProxyMountPodInfo diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 13d74c3cc3..150b1c9dfe 100755 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -23,9 +23,9 @@ readonly PREVIOUS_SERVING_RELEASE_VERSION="1.13" readonly PREVIOUS_EVENTING_RELEASE_VERSION="1.13" # The target serving/eventing release to upgrade, installed by the operator. It can be a release available under # kodata or an incoming new release. This value should be in the semantic format of major.minor. -readonly TARGET_RELEASE_VERSION="latest" +readonly TARGET_RELEASE_VERSION="1.14" # This is the branch name of knative repos, where we run the upgrade tests. -readonly KNATIVE_REPO_BRANCH="${PULL_BASE_REF}" +readonly KNATIVE_REPO_BRANCH="release-1.13" # Namespaces used for tests # This environment variable TEST_NAMESPACE defines the namespace to install Knative Serving. export TEST_NAMESPACE="${TEST_NAMESPACE:-knative-operator-testing}"