Drop the use dprotaso/controller-tools fork (#15664)

* Drop the use of the dprotaso/controller-tools fork

Keeping the fork up to date is not really tenable and it's
fairly complex. We now simply manipulate the resulting
CRD yaml after generation

* go mod tidy

* Prune the allowed scaleTargetRef fields

* allow containers.privileged

* update overrides to include hostPath feature flag

* refactor function for readability

* refactor feature key constants to prevent typos

* drop schema patch config file

* close encoder prior to writing the file
Dave Protasowski 2025-01-09 08:33:19 -05:00 committed by GitHub
parent 8a37b89c19
commit 3216ab31bc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 1049 additions and 739 deletions

243
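--- a/cmd/schema-tweak/main.go
+++ b/cmd/schema-tweak/main.go
@@ -0,0 +1,243 @@
+/*
+Copyright 2024 The Knative Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package main
+import (
+"bytes"
+"fmt"
+"io/fs"
+"log"
+"os"
+"path/filepath"
+"strings"
+"gopkg.in/yaml.v3"
+"k8s.io/apimachinery/pkg/util/sets"
+)
+const resourcesDir = "config/core/300-resources"
+func main() {
+files, err := os.ReadDir(resourcesDir)
+if err != nil {
+log.Fatalln("failed to read CRD directory", err)
+}
+for _, file := range files {
+if !strings.HasSuffix(file.Name(), ".yaml") || !file.Type().IsRegular() {
+continue
+}
+processFile(file)
+}
+}
+func processFile(file fs.DirEntry) {
+fmt.Println("Processing", file.Name())
+filename := filepath.Join(resourcesDir, file.Name())
+fbytes, err := os.ReadFile(filename)
+if err != nil {
+log.Fatalln("failed to read CRD", err)
+}
+var root yaml.Node
+if err := yaml.Unmarshal(fbytes, &root); err != nil {
+log.Fatalln("failed to unmarshal CRD", err)
+}
+buf := bytes.Buffer{}
+enc := yaml.NewEncoder(&buf)
+enc.SetIndent(2)
+// document node => content[0] => crd map
+applyOverrides(root.Content[0])
+if err = enc.Encode(&root); err != nil {
+log.Fatalln("failed to marshal CRD", err)
+}
+if err = enc.Close(); err != nil {
+log.Fatalln("failed to close yaml encoder", err)
+}
+if err = os.WriteFile(filename, buf.Bytes(), file.Type().Perm()); err != nil {
+log.Fatalln("failed to write CRD", err)
+}
+}
+func applyOverrides(root *yaml.Node) {
+for _, override := range overrides {
+crdName := stringValue(root, "metadata.name")
+if crdName != override.crdName {
+continue
+}
+versions := arrayValue(root, "spec.versions")
+for _, version := range versions {
+for _, entry := range override.entries {
+schemaNode := mapValue(version, "schema.openAPIV3Schema")
+applyOverrideEntry(schemaNode, entry)
+}
+}
+}
+}
+func applyOverrideEntry(node *yaml.Node, entry entry) {
+for _, segment := range strings.Split(entry.path, ".") {
+node = children(node)
+node = mapValue(node, segment)
+if node == nil {
+log.Fatalf("node at path %q not found\n", entry.path)
+}
+}
+if node.Kind != yaml.MappingNode {
+log.Fatalf("node at path %q not a mapping node\n", entry.path)
+}
+if entry.description != "" {
+setString(node, "description", entry.description)
+}
+switch dataType(node) {
+case "array":
+case "object":
+default:
+// if we're at a leaf node then other operations are a noop
+return
+}
+dropRequiredFields(node, entry.dropRequired)
+filterAllowedFields(node, entry.allowedFields, entry.featureFlagFields)
+updateFeatureFlags(node, entry.featureFlagFields)
+if entry.dropListType {
+deleteKey(node, "x-kubernetes-list-map-keys")
+deleteKey(node, "x-kubernetes-list-type")
+}
+}
+func updateFeatureFlags(node *yaml.Node, features []flagField) {
+node = children(node)
+for _, feature := range features {
+propNode := mapValue(node, feature.name)
+updateFeatureFlagProperty(propNode, feature)
+}
+}
+func updateFeatureFlagProperty(root *yaml.Node, f flagField) {
+desc := fmt.Sprintf("This is accessible behind a feature flag - %s", f.flag)
+setString(root, "description", desc)
+node := root
+switch dataType(root) {
+case "array":
+node = items(root)
+setString(root, "items.description", desc)
+deleteKeysExcluding(node, "description", "type", "x-kubernetes-map-type")
+deleteKeysExcluding(root, "description", "type", "items")
+case "object":
+if mapValue(node, "properties") == nil {
+// no child elements - so probably a map or dual type (int||str)
+return
+}
+deleteKeysExcluding(node, "description", "type", "x-kubernetes-map-type")
+default:
+return
+}
+node.Content = append(node.Content,
+&yaml.Node{
+Kind: yaml.ScalarNode,
+Tag: "!!str",
+Style: yaml.FlowStyle,
+Value: "x-kubernetes-preserve-unknown-fields",
+},
+&yaml.Node{
+Kind: yaml.ScalarNode,
+Tag: "!!bool",
+Style: yaml.FlowStyle,
+Value: "true",
+},
+)
+}
+func filterAllowedFields(node *yaml.Node, allowed sets.Set[string], features []flagField) {
+allowed = allowed.Clone()
+for _, feature := range features {
+allowed.Insert(feature.name)
+}
+if allowed.Len() == 0 {
+return
+}
+propNode := children(node)
+keysToDelete := sets.Set[string]{}
+for i := 0; i < len(propNode.Content); i += 2 {
+keyNode := propNode.Content[i]
+if !allowed.Has(keyNode.Value) {
+keysToDelete.Insert(keyNode.Value)
+}
+}
+for _, key := range keysToDelete.UnsortedList() {
+deleteKey(propNode, key)
+}
+}
+func dropRequiredFields(node *yaml.Node, fields sets.Set[string]) {
+dataType := dataType(node)
+switch dataType {
+case "array":
+node = items(node)
+}
+required := arrayValue(node, "required")
+if len(required) == 0 {
+deleteKey(node, "required")
+return
+}
+for i := 0; i < len(required); i++ {
+if fields.Has(required[i].Value) {
+required = append(required[:i], required[i+1:]...)
+break
+}
+}
+if len(required) == 0 {
+deleteKey(node, "required")
+} else {
+setArray(node, "required", required)
+}
+}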
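Review bot: In `processFile`, `file.Type().Perm()` always evaluates to 0, because `fs.DirEntry.Type()` returns only the type bits; the rewrite works today only because `os.WriteFile` ignores the mode when the file already exists. Take the mode from the entry's info instead: `info, err := file.Info()` followed by `os.WriteFile(filename, buf.Bytes(), info.Mode().Perm())`. The same function indexes `root.Content[0]` without checking that the document node has content, so an empty `.yaml` file panics with an index error, and since `yaml.Unmarshal` decodes a single document, a multi-document file would be rewritten with only its first document. A length check with a `log.Fatalln` naming the file would make both cases explicit.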


@ -0,0 +1,423 @@
/*
Copyright 2024 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"fmt"
"reflect"
"strings"
"k8s.io/apimachinery/pkg/util/sets"
"knative.dev/serving/pkg/apis/config"
v1 "knative.dev/serving/pkg/apis/serving/v1"
)
type override struct {
crdName string
entries []entry
}
type entry struct {
path string
description string
allowedFields sets.Set[string]
featureFlagFields []flagField
dropRequired sets.Set[string]
// Drops list-type
// x-kubernetes-list-map-keys:
// - name
// x-kubernetes-list-type: map
dropListType bool
}
type flagField struct {
name string
flag string
}
var overrides = []override{{
crdName: "services.serving.knative.dev",
entries: revSpecOverrides("spec.template.spec"),
}, {
crdName: "configurations.serving.knative.dev",
entries: revSpecOverrides("spec.template.spec"),
}, {
crdName: "revisions.serving.knative.dev",
entries: revSpecOverrides("spec"),
}, {
crdName: "podautoscalers.autoscaling.internal.knative.dev",
entries: []entry{{
path: "spec.scaleTargetRef",
allowedFields: sets.New(
"apiVersion",
"kind",
"name",
),
}},
}}
func revSpecOverrides(prefixPath string) []entry {
entries := []entry{{
allowedFields: sets.New(
"automountServiceAccountToken",
"containers",
"enableServiceLinks",
"imagePullSecrets",
"serviceAccountName",
"volumes",
).Insert(revisionSpecFields()...),
featureFlagFields: []flagField{
{name: "affinity", flag: config.FeaturePodSpecAffinity},
{name: "dnsConfig", flag: config.FeaturePodSpecDNSConfig},
{name: "dnsPolicy", flag: config.FeaturePodSpecDNSPolicy},
{name: "hostAliases", flag: config.FeaturePodSpecHostAliases},
{name: "hostIPC", flag: config.FeaturePodSpecHostIPC},
{name: "hostNetwork", flag: config.FeaturePodSpecHostNetwork},
{name: "hostPID", flag: config.FeaturePodSpecHostPID},
{name: "initContainers", flag: config.FeaturePodSpecInitContainers},
{name: "nodeSelector", flag: config.FeaturePodSpecNodeSelector},
{name: "priorityClassName", flag: config.FeaturePodSpecPriorityClassName},
{name: "runtimeClassName", flag: config.FeaturePodSpecRuntimeClassName},
{name: "schedulerName", flag: config.FeaturePodSpecSchedulerName},
{name: "securityContext", flag: config.FeaturePodSpecSecurityContext},
{name: "shareProcessNamespace", flag: config.FeaturePodSpecShareProcessNamespace},
{name: "tolerations", flag: config.FeaturePodSpecTolerations},
{name: "topologySpreadConstraints", flag: config.FeaturePodSpecTopologySpreadConstraints},
},
}, {
path: "containers",
dropListType: true,
dropRequired: sets.New("name"),
allowedFields: sets.New(
"args",
"command",
"env",
"envFrom",
"image",
"imagePullPolicy",
"livenessProbe",
"name",
"ports",
"readinessProbe",
"resources",
"securityContext",
"startupProbe",
"terminationMessagePath",
"terminationMessagePolicy",
"volumeMounts",
"workingDir",
),
}, {
path: "containers.ports",
dropListType: true,
dropRequired: sets.New("containerPort"),
allowedFields: sets.New(
"containerPort",
"name",
"protocol",
),
}, {
path: "containers.securityContext",
allowedFields: sets.New(
"allowPrivilegeEscalation",
"capabilities",
"privileged",
"readOnlyRootFilesystem",
"runAsGroup",
"runAsNonRoot",
"runAsUser",
"seccompProfile",
),
}, {
path: "containers.securityContext.privileged",
description: "Run container in privileged mode. This can only be set to explicitly to 'false'",
}, {
path: "containers.securityContext.capabilities",
allowedFields: sets.New(
"add",
"drop",
),
}, {
path: "containers.securityContext.capabilities.add",
description: fmt.Sprintf("This is accessible behind a feature flag - %s",
config.FeatureContainerSpecAddCapabilities),
}, {
path: "containers.resources",
allowedFields: sets.New(
"limits",
"requests",
),
}, {
path: "containers.env",
allowedFields: sets.New(
"name",
"value",
"valueFrom",
),
}, {
path: "containers.env.valueFrom",
allowedFields: sets.New(
"configMapKeyRef",
"secretKeyRef",
),
featureFlagFields: []flagField{{
name: "fieldRef",
flag: config.FeaturePodSpecFieldRef,
}, {
name: "resourceFieldRef",
flag: config.FeaturePodSpecFieldRef,
}},
}, {
path: "containers.env.valueFrom.configMapKeyRef",
allowedFields: sets.New(
"name",
"key",
"optional",
),
}, {
path: "containers.env.valueFrom.secretKeyRef",
allowedFields: sets.New(
"name",
"key",
"optional",
),
}, {
path: "containers.envFrom",
allowedFields: sets.New(
"prefix",
"configMapRef",
"secretRef",
),
}, {
path: "containers.envFrom.configMapRef",
allowedFields: sets.New(
"name",
"optional",
),
}, {
path: "containers.envFrom.secretRef",
allowedFields: sets.New(
"name",
"optional",
),
}, {
path: "enableServiceLinks",
description: "EnableServiceLinks indicates whether information about" +
"services should be injected into pod's environment variables, " +
"matching the syntax of Docker links. Optional: Knative defaults this to false.",
}, {
path: "containers.volumeMounts",
allowedFields: sets.New(
"name",
"readOnly",
"mountPath",
"subPath",
),
}, {
path: "volumes",
allowedFields: sets.New(
"name",
"secret",
"configMap",
"projected",
),
featureFlagFields: []flagField{{
name: "emptyDir",
flag: config.FeaturePodSpecEmptyDir,
}, {
name: "persistentVolumeClaim",
flag: config.FeaturePodSpecPVClaim,
}, {
name: "hostPath",
flag: config.FeaturePodSpecHostPath,
}},
}, {
path: "volumes.secret",
allowedFields: sets.New(
"defaultMode",
"items",
"optional",
"secretName",
),
}, {
path: "volumes.secret.items",
allowedFields: sets.New(
"key",
"path",
"mode",
),
}, {
path: "volumes.configMap",
allowedFields: sets.New(
"defaultMode",
"items",
"optional",
"name",
),
}, {
path: "volumes.configMap.items",
allowedFields: sets.New(
"key",
"path",
"mode",
),
}, {
path: "volumes.projected",
allowedFields: sets.New(
"defaultMode",
"sources",
),
}, {
path: "volumes.projected.sources",
allowedFields: sets.New(
// "clusterTrustBundle",
"configMap",
"downwardAPI",
"secret",
"serviceAccountToken",
),
}, {
path: "volumes.projected.sources.configMap",
allowedFields: sets.New(
"items",
"name",
"optional",
),
}, {
path: "volumes.projected.sources.configMap.items",
allowedFields: sets.New(
"key",
"path",
"mode",
),
}, {
path: "volumes.projected.sources.secret",
allowedFields: sets.New(
"items",
"name",
"optional",
),
}, {
path: "volumes.projected.sources.secret.items",
allowedFields: sets.New(
"key",
"path",
"mode",
),
}, {
path: "volumes.projected.sources.serviceAccountToken",
allowedFields: sets.New(
"audience",
"expirationSeconds",
"path",
),
}, {
path: "volumes.projected.sources.downwardAPI",
allowedFields: sets.New(
"items",
),
}, {
path: "volumes.projected.sources.downwardAPI.items",
allowedFields: sets.New(
"path",
"fieldRef",
"mode",
"resourceFieldRef",
),
}}
probes := []string{"livenessProbe", "readinessProbe", "startupProbe"}
for _, probe := range probes {
entries = append(entries, entry{
path: fmt.Sprintf("containers.%s", probe),
allowedFields: sets.New(
"initialDelaySeconds",
"timeoutSeconds",
"periodSeconds",
"successThreshold",
"failureThreshold",
// probe handlers
"httpGet",
"exec",
"tcpSocket",
"grpc",
),
})
entries = append(entries, entry{
path: fmt.Sprintf("containers.%s.periodSeconds", probe),
description: "How often (in seconds) to perform the probe.",
}, entry{
path: fmt.Sprintf("containers.%s.httpGet", probe),
dropRequired: sets.New("port"),
allowedFields: sets.New(
"host",
"httpHeaders",
"path",
"port",
"scheme",
),
}, entry{
path: fmt.Sprintf("containers.%s.exec", probe),
allowedFields: sets.New("command"),
}, entry{
path: fmt.Sprintf("containers.%s.tcpSocket", probe),
dropRequired: sets.New("port"),
allowedFields: sets.New(
"host",
"port",
),
}, entry{
path: fmt.Sprintf("containers.%s.grpc", probe),
dropRequired: sets.New("port"),
allowedFields: sets.New(
"port",
"service",
),
})
}
for i := range entries {
if entries[i].path == "" {
entries[i].path = prefixPath
} else {
entries[i].path = prefixPath + "." + entries[i].path
}
}
return entries
}
func revisionSpecFields() []string {
var (
fields []string
revType = reflect.TypeOf(v1.RevisionSpec{})
)
for i := 0; i < revType.NumField(); i++ {
if revType.Field(i).Name == "PodSpec" {
continue
}
jsonTag := revType.Field(i).Tag.Get("json")
fields = append(fields, strings.Split(jsonTag, ",")[0])
}
return fields
}
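Review bot: The `enableServiceLinks` description is built from string literals that lack a separating space (`"...information about" + "services should..."`), and the regenerated CRD in this same commit already carries the result, `information aboutservices`; the first literal should end with a space, `"EnableServiceLinks indicates whether information about " +`. The `containers.securityContext.privileged` description also reads `can only be set to explicitly to 'false'`, which should be `can only be explicitly set to 'false'`. Separately, that entry changes only the description text: nothing in the visible override restricts the value in the schema, so the `false`-only rule is presumably enforced by the admission webhook, and a short comment on the entry saying so would help readers who treat the CRD as the policy boundary.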

154
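--- a/cmd/schema-tweak/yaml.go
+++ b/cmd/schema-tweak/yaml.go
@@ -0,0 +1,154 @@
+/*
+Copyright 2024 The Knative Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package main
+import (
+"log"
+"strings"
+"gopkg.in/yaml.v3"
+"k8s.io/apimachinery/pkg/util/sets"
+)
+func mapValue(node *yaml.Node, path string) *yaml.Node {
+segments := strings.Split(path, ".")
+outer:
+for _, segment := range segments {
+if node.Kind != yaml.MappingNode {
+log.Panicf("node at segment %q not a mapping node\n", segment)
+}
+for i := 0; i < len(node.Content); i += 2 {
+keyNode := node.Content[i]
+valueNode := node.Content[i+1]
+if keyNode.Value == segment {
+node = valueNode
+continue outer
+}
+}
+return nil
+}
+return node
+}
+func stringValue(node *yaml.Node, path string) string {
+if path != "" {
+node = mapValue(node, path)
+}
+if node == nil {
+log.Panicf("node at path %q not found\n", path)
+}
+if node.Kind != yaml.ScalarNode {
+log.Panicf("node at path %q not a scalar node\n", path)
+}
+if node.ShortTag() != "!!str" {
+log.Panicf("node at path %q not a string node\n", path)
+}
+return node.Value
+}
+func arrayValue(node *yaml.Node, path string) []*yaml.Node {
+node = mapValue(node, path)
+if node == nil {
+return nil
+}
+if node.Kind != yaml.SequenceNode {
+log.Panicf("node at path %q not a sequence node\n", path)
+}
+return node.Content
+}
+func setArray(node *yaml.Node, path string, values []*yaml.Node) {
+node = mapValue(node, path)
+if node.Kind != yaml.SequenceNode {
+log.Panicf("node at path %q not a sequence node\n", path)
+}
+node.Content = values
+}
+func deleteKey(node *yaml.Node, key string) {
+if node.Kind != yaml.MappingNode {
+log.Panicf("node is not mapping node")
+}
+for i := 0; i < len(node.Content); i += 2 {
+keyNode := node.Content[i]
+if keyNode.Value == key {
+node.Content = append(node.Content[:i], node.Content[i+2:]...)
+return
+}
+}
+}
+func children(node *yaml.Node) *yaml.Node {
+dataType := dataType(node)
+switch dataType {
+case "object":
+return properties(node)
+case "array":
+return properties(items(node))
+default:
+log.Panicf("node has no children")
+return nil
+}
+}
+func properties(node *yaml.Node) *yaml.Node {
+return mapValue(node, "properties")
+}
+func items(node *yaml.Node) *yaml.Node {
+return mapValue(node, "items")
+}
+func dataType(node *yaml.Node) string {
+return stringValue(node, "type")
+}
+func setString(node *yaml.Node, path, value string) {
+if path != "" {
+node = mapValue(node, path)
+}
+node.Value = value
+}
+func deleteKeysExcluding(node *yaml.Node, keys ...string) {
+keySet := sets.New(keys...)
+for i := 0; i < len(node.Content); i += 2 {
+keyNode := node.Content[i]
+if !keySet.Has(keyNode.Value) {
+node.Content = append(node.Content[:i], node.Content[i+2:]...)
+i -= 2 // reset index
+}
+}
+}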
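Review bot: `setString` and `setArray` dereference the result of `mapValue` without a nil check, so a path that does not exist in the generated schema (for example `items.description` in `updateFeatureFlagProperty`, or a `description` override on a node with no description key) ends in a bare nil-pointer panic instead of a message naming the path. `stringValue` already handles this, and the same guard fits here: `if node == nil { log.Panicf("node at path %q not found\n", path) }`. `deleteKeysExcluding` likewise skips the `yaml.MappingNode` kind check that `deleteKey` performs before walking `node.Content` in key/value pairs.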


@ -216,9 +216,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -226,15 +224,17 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
@ -250,9 +250,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -285,9 +283,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -307,9 +303,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -364,8 +358,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -376,9 +368,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -431,7 +423,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -482,8 +475,6 @@ spec:
items:
description: ContainerPort represents a network port in a single container.
type: object
required:
- containerPort
properties:
containerPort:
description: |-
@ -503,10 +494,6 @@ spec:
Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: |-
Periodic probe of container service readiness.
@ -539,8 +526,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -551,9 +536,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -606,7 +591,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -645,33 +631,6 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
type: object
required:
- name
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
@ -736,10 +695,7 @@ spec:
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
@ -796,7 +752,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@ -836,8 +791,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -848,9 +801,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -903,7 +856,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -996,34 +950,39 @@ spec:
Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.'
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostNetwork:
description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostPID:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
@ -1049,9 +1008,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
x-kubernetes-map-type: atomic
@ -1060,33 +1017,23 @@ spec:
x-kubernetes-list-type: map
initContainers:
description: |-
List of initialization containers belonging to the pod.
Init containers are executed in order prior to containers being started. If any
init container fails, the pod is considered to have failed and is handled according
to its restartPolicy. The name for an init container or normal container must be
unique among all containers.
Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
The resourceRequirements of an init container are taken into account during scheduling
by finding the highest request/limit for each resource type, and then using the max of
of that value or the sum of the normal containers. Limits are applied to init containers
in a similar fashion.
Init containers cannot currently be added or removed.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
x-kubernetes-preserve-unknown-fields: true
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
@ -1095,15 +1042,16 @@ spec:
type: integer
format: int64
runtimeClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
x-kubernetes-preserve-unknown-fields: true
schedulerName:
description: This is accessible behind a feature flag - kubernetes.podspec-schedulername
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
x-kubernetes-preserve-unknown-fields: true
securityContext:
description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
@ -1112,9 +1060,9 @@ spec:
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
@ -1126,12 +1074,13 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
@ -1207,9 +1156,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1217,11 +1164,13 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
emptyDir:
description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
name:
@ -1231,7 +1180,8 @@ spec:
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
@ -1303,9 +1253,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1422,9 +1370,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:


@ -72,13 +72,11 @@ spec:
description: |-
Ref specifies the target of the Domain Mapping.
The object identified by the Ref must be an Addressable with a URL of the
form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain,
and `{name}` and `{namespace}` are the name and namespace of a Kubernetes
Service.
This contract is satisfied by Knative types such as Knative Services and
Knative Routes, and by Kubernetes Services.
type: object


@ -67,7 +67,6 @@ spec:
references a container image. Revisions are created by updates to a
Configuration.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision
type: object
properties:
@ -193,9 +192,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -203,15 +200,17 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
@ -227,9 +226,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -262,9 +259,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -284,9 +279,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -341,8 +334,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -353,9 +344,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -408,7 +399,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -459,8 +451,6 @@ spec:
items:
description: ContainerPort represents a network port in a single container.
type: object
required:
- containerPort
properties:
containerPort:
description: |-
@ -480,10 +470,6 @@ spec:
Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: |-
Periodic probe of container service readiness.
@ -516,8 +502,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -528,9 +512,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -583,7 +567,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -622,33 +607,6 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
type: object
required:
- name
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
@ -713,10 +671,7 @@ spec:
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
@ -773,7 +728,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@ -813,8 +767,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -825,9 +777,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -880,7 +832,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -973,34 +926,39 @@ spec:
Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.'
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostNetwork:
description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostPID:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
@ -1026,9 +984,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
x-kubernetes-map-type: atomic
@ -1037,33 +993,23 @@ spec:
x-kubernetes-list-type: map
initContainers:
description: |-
List of initialization containers belonging to the pod.
Init containers are executed in order prior to containers being started. If any
init container fails, the pod is considered to have failed and is handled according
to its restartPolicy. The name for an init container or normal container must be
unique among all containers.
Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
The resourceRequirements of an init container are taken into account during scheduling
by finding the highest request/limit for each resource type, and then using the max of
of that value or the sum of the normal containers. Limits are applied to init containers
in a similar fashion.
Init containers cannot currently be added or removed.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
x-kubernetes-preserve-unknown-fields: true
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
@ -1072,15 +1018,16 @@ spec:
type: integer
format: int64
runtimeClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
x-kubernetes-preserve-unknown-fields: true
schedulerName:
description: This is accessible behind a feature flag - kubernetes.podspec-schedulername
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
x-kubernetes-preserve-unknown-fields: true
securityContext:
description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
@ -1089,9 +1036,9 @@ spec:
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
@ -1103,12 +1050,13 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
@ -1184,9 +1132,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1194,11 +1140,13 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
emptyDir:
description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
name:
@ -1208,7 +1156,8 @@ spec:
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
@ -1280,9 +1229,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1399,9 +1346,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
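Review bot: The rewritten `privileged` description, `Run container in privileged mode. This can only be set to explicitly to 'false'`, documents a restriction that the schema next to it does not carry: the field is still a plain `type: boolean`, so judging from this file alone the rejection of `true` has to happen in admission validation, which this page does not show. If that is the intent, the description should say where it is enforced, and the stray "to" should go: `Run container in privileged mode. This can only be set explicitly to 'false'.` The `enableServiceLinks` description in the same section now reads `aboutservices` where the old text had "about services". Both strings presumably come from the overrides in cmd/schema-tweak rather than from this generated file, so the fix belongs there; the Service CRD section that follows repeats both.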


@ -71,11 +71,9 @@ spec:
underlying Routes and Configurations (much as a kubernetes Deployment
orchestrates ReplicaSets), and its usage is optional but recommended.
The Service's controller will track the statuses of its owned Configuration
and Route, reflecting their statuses and conditions as its own.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service
type: object
properties:
@ -236,9 +234,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -246,15 +242,17 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: This is accessible behind a feature flag - kubernetes.podspec-fieldref
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
@ -270,9 +268,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -305,9 +301,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -327,9 +321,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -384,8 +376,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -396,9 +386,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -451,7 +441,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -502,8 +493,6 @@ spec:
items:
description: ContainerPort represents a network port in a single container.
type: object
required:
- containerPort
properties:
containerPort:
description: |-
@ -523,10 +512,6 @@ spec:
Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: |-
Periodic probe of container service readiness.
@ -559,8 +544,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -571,9 +554,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -626,7 +609,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -665,33 +649,6 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
type: object
required:
- name
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
@ -756,10 +713,7 @@ spec:
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
@ -816,7 +770,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@ -856,8 +809,6 @@ spec:
grpc:
description: GRPC specifies an action involving a GRPC port.
type: object
required:
- port
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@ -868,9 +819,9 @@ spec:
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
@ -923,7 +874,8 @@ spec:
type: integer
format: int32
periodSeconds:
description: How often (in seconds) to perform the probe.
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
@ -1016,34 +968,39 @@ spec:
Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.'
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostNetwork:
description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
x-kubernetes-preserve-unknown-fields: true
hostPID:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
@ -1069,9 +1026,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
x-kubernetes-map-type: atomic
@ -1080,33 +1035,23 @@ spec:
x-kubernetes-list-type: map
initContainers:
description: |-
List of initialization containers belonging to the pod.
Init containers are executed in order prior to containers being started. If any
init container fails, the pod is considered to have failed and is handled according
to its restartPolicy. The name for an init container or normal container must be
unique among all containers.
Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
The resourceRequirements of an init container are taken into account during scheduling
by finding the highest request/limit for each resource type, and then using the max of
of that value or the sum of the normal containers. Limits are applied to init containers
in a similar fashion.
Init containers cannot currently be added or removed.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
x-kubernetes-preserve-unknown-fields: true
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
@ -1115,15 +1060,16 @@ spec:
type: integer
format: int64
runtimeClassName:
description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
x-kubernetes-preserve-unknown-fields: true
schedulerName:
description: This is accessible behind a feature flag - kubernetes.podspec-schedulername
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
x-kubernetes-preserve-unknown-fields: true
securityContext:
description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
@ -1132,9 +1078,9 @@ spec:
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
@ -1146,12 +1092,13 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
@ -1227,9 +1174,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1237,11 +1182,13 @@ spec:
type: boolean
x-kubernetes-map-type: atomic
emptyDir:
description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
name:
@ -1251,7 +1198,8 @@ spec:
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
@ -1323,9 +1271,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:
@ -1442,9 +1388,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
default: ""
optional:

2
go.mod

@ -27,6 +27,7 @@ require (
golang.org/x/time v0.6.0
google.golang.org/api v0.183.0
google.golang.org/grpc v1.68.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.30.3
k8s.io/apiextensions-apiserver v0.30.3
k8s.io/apimachinery v0.30.3
@ -152,7 +153,6 @@ require (
google.golang.org/protobuf v1.35.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect
k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
k8s.io/klog v1.0.0 // indirect


@ -1,351 +0,0 @@
# This is the config file for schema generation via controller-tool's schemapatch
# command. It's used by update-schemas.sh.
k8s.io/api/core/v1.Volume:
fieldMask:
- Name
- VolumeSource
k8s.io/api/core/v1.VolumeSource:
fieldMask:
- Secret
- ConfigMap
- Projected
# Following are behind feature flags
- EmptyDir
- PersistentVolumeClaim
- HostPath
k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource:
description: "This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
k8s.io/api/core/v1.EmptyDirVolumeSource:
description: "This is accessible behind a feature flag - kubernetes.podspec-emptydir"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
k8s.io/api/core/v1.HostPathVolumeSource:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostpath"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
k8s.io/api/core/v1.VolumeProjection:
fieldMask:
- Secret
- ConfigMap
- ServiceAccountToken
- DownwardAPI
k8s.io/api/core/v1.ConfigMapProjection:
fieldMask:
- LocalObjectReference
- Items
- Optional
k8s.io/api/core/v1.SecretProjection:
fieldMask:
- LocalObjectReference
- Items
- Optional
k8s.io/api/core/v1.ServiceAccountTokenProjection:
fieldMask:
- Audience
- ExpirationSeconds
- Path
k8s.io/api/core/v1.KeyToPath:
fieldMask:
- Key
- Path
- Mode
k8s.io/api/core/v1.PodSpec:
fieldMask:
- ServiceAccountName
- Containers
- Volumes
- ImagePullSecrets
- EnableServiceLinks
- AutomountServiceAccountToken
# Properties behind feature flags
- Affinity
- DNSConfig
- DNSPolicy
- HostAliases
- InitContainers
- NodeSelector
- PriorityClassName
- HostIPC
- HostPID
- HostNetwork
- RuntimeClassName
- SchedulerName
- SecurityContext
- ShareProcessNamespace
- Tolerations
- TopologySpreadConstraints
fieldOverrides:
Affinity:
description: "This is accessible behind a feature flag - kubernetes.podspec-affinity"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
DNSPolicy:
description: "This is accessible behind a feature flag - kubernetes.podspec-dnspolicy"
DNSConfig:
description: "This is accessible behind a feature flag - kubernetes.podspec-dnsconfig"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
EnableServiceLinks:
description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.'
HostAliases:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostaliases"
additionalMarkers:
- kubebuilder:validation:DropListMapMarkers
itemOverride:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostaliases"
additionalMarkers:
# # Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
Containers:
additionalMarkers:
- kubebuilder:validation:DropListMapMarkers
InitContainers:
additionalMarkers:
- kubebuilder:validation:DropListMapMarkers
itemOverride:
description: "This is accessible behind a feature flag - kubernetes.podspec-init-containers"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
NodeSelector:
description: "This is accessible behind a feature flag - kubernetes.podspec-nodeselector"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
PriorityClassName:
description: "This is accessible behind a feature flag - kubernetes.podspec-priorityclassname"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
RuntimeClassName:
description: "This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
SchedulerName:
description: "This is accessible behind a feature flag - kubernetes.podspec-schedulername"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
SecurityContext:
description: "This is accessible behind a feature flag - kubernetes.podspec-securitycontext"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
ShareProcessNamespace:
description: "This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
HostIPC:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostipc"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
HostPID:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostpid"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
HostNetwork:
description: "This is accessible behind a feature flag - kubernetes.podspec-hostnetwork"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
Tolerations:
description: "This is accessible behind a feature flag - kubernetes.podspec-tolerations"
itemOverride:
description: "This is accessible behind a feature flag - kubernetes.podspec-tolerations"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
TopologySpreadConstraints:
description: "This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints"
additionalMarkers:
- kubebuilder:validation:DropListMapMarkers
itemOverride:
description: "This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
k8s.io/api/core/v1.Container:
fieldMask:
- Name
- Args
- Command
- Env
- WorkingDir
- EnvFrom
- Image
- ImagePullPolicy
- LivenessProbe
- Ports
- ReadinessProbe
- Resources
- SecurityContext
- StartupProbe
- TerminationMessagePath
- TerminationMessagePolicy
- VolumeMounts
fieldOverrides:
Name:
additionalMarkers:
- optional
Ports:
additionalMarkers:
- optional
k8s.io/api/core/v1.VolumeMount:
fieldMask:
- Name
- ReadOnly
- MountPath
- SubPath
k8s.io/api/core/v1.Probe:
fieldMask:
- ProbeHandler
- InitialDelaySeconds
- TimeoutSeconds
- PeriodSeconds
- SuccessThreshold
- FailureThreshold
fieldOverrides:
PeriodSeconds:
description: "How often (in seconds) to perform the probe."
k8s.io/api/core/v1.ProbeHandler:
fieldMask:
- Exec
- HTTPGet
- TCPSocket
- GRPC
k8s.io/api/core/v1.GRPCAction:
fieldMask:
- Port
- Service
k8s.io/api/core/v1.ExecAction:
fieldMask:
- Command
k8s.io/api/core/v1.HTTPGetAction:
fieldMask:
- Host
- Path
- Scheme
- HTTPHeaders
- Port
fieldOverrides:
Port:
additionalMarkers:
- optional
k8s.io/api/core/v1.TCPSocketAction:
fieldMask:
- Host
- Port
fieldOverrides:
Port:
additionalMarkers:
- optional
k8s.io/api/core/v1.ContainerPort:
fieldMask:
- ContainerPort
- Name
- Protocol
k8s.io/api/core/v1.EnvVar:
fieldMask:
- Name
- Value
- ValueFrom
k8s.io/api/core/v1.EnvVarSource:
fieldMask:
- ConfigMapKeyRef
- SecretKeyRef
- FieldRef
- ResourceFieldRef
fieldOverrides:
FieldRef:
description: "This is accessible behind a feature flag - kubernetes.podspec-fieldref"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
ResourceFieldRef:
description: "This is accessible behind a feature flag - kubernetes.podspec-fieldref"
additionalMarkers:
# Part of a feature flag - so we want to omit the schema and preserve unknown fields
- kubebuilder:validation:DropProperties
- kubebuilder:pruning:PreserveUnknownFields
k8s.io/api/core/v1.LocalObjectReference:
fieldMask:
- Name
k8s.io/api/core/v1.ConfigMapKeySelectorMask:
fieldMask:
- Key
- Optional
- LocalObjectReference
k8s.io/api/core/v1.SecretKeySelectorMask:
fieldMask:
- Key
- Optional
- LocalObjectReference
k8s.io/api/core/v1.ConfigMapEnvSource:
fieldMask:
- Optional
- LocalObjectReference
k8s.io/api/core/v1.SecretEnvSource:
fieldMask:
- Optional
- LocalObjectReference
k8s.io/api/core/v1.EnvFromSource:
fieldMask:
- Prefix
- ConfigMapRef
- SecretRef
k8s.io/api/core/v1.ResourceRequirementsMask:
fieldMask:
- Limits
- Requests
k8s.io/api/core/v1.SecurityContext:
fieldMask:
- AllowPrivilegeEscalation
- Capabilities
- ReadOnlyRootFilesystem
- RunAsGroup
- RunAsNonRoot
- RunAsUser
- SeccompProfile
- Privileged
k8s.io/api/core/v1.Capabilities:
fieldMask:
- Add
- Drop
fieldOverrides:
Add:
description: "This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities"
k8s.io/api/core/v1.ObjectReference:
fieldMask:
- APIVersion
- Kind
- Name


@ -18,27 +18,7 @@ set -o errexit
set -o nounset
set -o pipefail
# Install patched schemagen into a temporary directory.
#
# We need a patched version because
# 1. There's a bug that makes our URL types unusable
# see https://github.com/kubernetes-sigs/controller-tools/issues/560
# 2. We need specialized logic to filter down the surface of PodSpec we allow in Knative.
# The respective config for this is in `schemapatch-config.yaml`
export GOBIN
GOBIN=$(mktemp -d)
export PATH="$GOBIN:$PATH"
(
cd "$GOBIN"
mkdir controller-tools
cd controller-tools
go mod init tools
# Pinned for reproducible builds.
go mod edit -replace=sigs.k8s.io/controller-tools@v0.9.0=github.com/dprotaso/controller-tools@knative
go get -d sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0
go install sigs.k8s.io/controller-tools/cmd/controller-gen
)
# Create a backup for every linked CRD.
links=$(find "$(dirname "$0")/../config/core/300-resources" -type l)
@ -46,12 +26,13 @@ for link in $links; do
cp "$link" "$link.bkp"
done
controller-gen \
go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5 \
schemapatch:manifests=config/core/300-resources,generateEmbeddedObjectMeta=true \
typeOverrides="$(dirname $0)/schemapatch-config.yaml" \
output:dir=config/core/300-resources \
paths=./pkg/apis/...
go run ./cmd/schema-tweak
# Restore linked CRDs.
for link in $links; do
cat "$link.bkp" > "$link"
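Review bot: With `set -o errexit` in effect, a failure in either generation step (the `go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5` call or the added `go run ./cmd/schema-tweak`) exits the script before the "Restore linked CRDs" loop runs. The linked CRDs would then stay in their regenerated state, with the `.bkp` copies left on disk. Wrapping the restore loop in a function and registering it right after the backup loop with `trap restore_links EXIT` would run it on every exit path. The restore loop continues past the end of this hunk, so whether it also removes the `.bkp` files is not visible here.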


@ -51,6 +51,32 @@ const (
AllowHTTPFullDuplexFeatureKey = "features.knative.dev/http-full-duplex"
)
// Feature config map keys that are used in schema-tweak
const (
FeatureContainerSpecAddCapabilities = "kubernetes.containerspec-addcapabilities"
FeaturePodSpecAffinity = "kubernetes.podspec-affinity"
FeaturePodSpecDNSConfig = "kubernetes.podspec-dnsconfig"
FeaturePodSpecDNSPolicy = "kubernetes.podspec-dnspolicy"
FeaturePodSpecDryRun = "kubernetes.podspec-dryrun"
FeaturePodSpecEmptyDir = "kubernetes.podspec-volumes-emptydir"
FeaturePodSpecFieldRef = "kubernetes.podspec-fieldref"
FeaturePodSpecHostAliases = "kubernetes.podspec-hostaliases"
FeaturePodSpecHostIPC = "kubernetes.podspec-hostipc"
FeaturePodSpecHostNetwork = "kubernetes.podspec-hostnetwork"
FeaturePodSpecHostPID = "kubernetes.podspec-hostpid"
FeaturePodSpecHostPath = "kubernetes.podspec-volumes-hostpath"
FeaturePodSpecInitContainers = "kubernetes.podspec-init-containers"
FeaturePodSpecNodeSelector = "kubernetes.podspec-nodeselector"
FeaturePodSpecPVClaim = "kubernetes.podspec-persistent-volume-claim"
FeaturePodSpecPriorityClassName = "kubernetes.podspec-priorityclassname"
FeaturePodSpecRuntimeClassName = "kubernetes.podspec-runtimeclassname"
FeaturePodSpecSchedulerName = "kubernetes.podspec-schedulername"
FeaturePodSpecSecurityContext = "kubernetes.podspec-securitycontext"
FeaturePodSpecShareProcessNamespace = "kubernetes.podspec-shareprocessnamespace"
FeaturePodSpecTolerations = "kubernetes.podspec-tolerations"
FeaturePodSpecTopologySpreadConstraints = "kubernetes.podspec-topologyspreadconstraints"
)
func defaultFeaturesConfig() *Features {
return &Features{
MultiContainer: Enabled,
@ -91,37 +117,38 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) {
nc := defaultFeaturesConfig()
if err := cm.Parse(data,
asFlag("autodetect-http2", &nc.AutoDetectHTTP2),
asFlag("kubernetes.podspec-dryrun", &nc.PodSpecDryRun),
asFlag("kubernetes.podspec-persistent-volume-write", &nc.PodSpecPersistentVolumeWrite),
asFlag("multi-container", &nc.MultiContainer),
asFlag("multi-container-probing", &nc.MultiContainerProbing),
asFlag("kubernetes.podspec-affinity", &nc.PodSpecAffinity),
asFlag("kubernetes.podspec-topologyspreadconstraints", &nc.PodSpecTopologySpreadConstraints),
asFlag("kubernetes.podspec-dryrun", &nc.PodSpecDryRun),
asFlag("kubernetes.podspec-hostaliases", &nc.PodSpecHostAliases),
asFlag("kubernetes.podspec-fieldref", &nc.PodSpecFieldRef),
asFlag("kubernetes.podspec-nodeselector", &nc.PodSpecNodeSelector),
asFlag("kubernetes.podspec-runtimeclassname", &nc.PodSpecRuntimeClassName),
asFlag("kubernetes.podspec-securitycontext", &nc.PodSpecSecurityContext),
asFlag("kubernetes.podspec-shareprocessnamespace", &nc.PodSpecShareProcessNamespace),
asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC),
asFlag("kubernetes.podspec-priorityclassname", &nc.PodSpecPriorityClassName),
asFlag("kubernetes.podspec-schedulername", &nc.PodSpecSchedulerName),
asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities),
asFlag("kubernetes.podspec-tolerations", &nc.PodSpecTolerations),
asFlag("kubernetes.podspec-volumes-emptydir", &nc.PodSpecVolumesEmptyDir),
asFlag("kubernetes.podspec-volumes-hostpath", &nc.PodSpecVolumesHostPath),
asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC),
asFlag("kubernetes.podspec-hostpid", &nc.PodSpecHostPID),
asFlag("kubernetes.podspec-hostnetwork", &nc.PodSpecHostNetwork),
asFlag("kubernetes.podspec-init-containers", &nc.PodSpecInitContainers),
asFlag("kubernetes.podspec-persistent-volume-claim", &nc.PodSpecPersistentVolumeClaim),
asFlag("kubernetes.podspec-persistent-volume-write", &nc.PodSpecPersistentVolumeWrite),
asFlag("kubernetes.podspec-dnspolicy", &nc.PodSpecDNSPolicy),
asFlag("kubernetes.podspec-dnsconfig", &nc.PodSpecDNSConfig),
asFlag("queueproxy.mount-podinfo", &nc.QueueProxyMountPodInfo),
asFlag("queueproxy.resource-defaults", &nc.QueueProxyResourceDefaults),
asFlag("secure-pod-defaults", &nc.SecurePodDefaults),
asFlag("tag-header-based-routing", &nc.TagHeaderBasedRouting),
asFlag("queueproxy.resource-defaults", &nc.QueueProxyResourceDefaults),
asFlag("queueproxy.mount-podinfo", &nc.QueueProxyMountPodInfo),
asFlag("autodetect-http2", &nc.AutoDetectHTTP2)); err != nil {
asFlag(FeatureContainerSpecAddCapabilities, &nc.ContainerSpecAddCapabilities),
asFlag(FeaturePodSpecAffinity, &nc.PodSpecAffinity),
asFlag(FeaturePodSpecDNSConfig, &nc.PodSpecDNSConfig),
asFlag(FeaturePodSpecDNSPolicy, &nc.PodSpecDNSPolicy),
asFlag(FeaturePodSpecEmptyDir, &nc.PodSpecVolumesEmptyDir),
asFlag(FeaturePodSpecFieldRef, &nc.PodSpecFieldRef),
asFlag(FeaturePodSpecHostAliases, &nc.PodSpecHostAliases),
asFlag(FeaturePodSpecHostIPC, &nc.PodSpecHostIPC),
asFlag(FeaturePodSpecHostIPC, &nc.PodSpecHostIPC),
asFlag(FeaturePodSpecHostNetwork, &nc.PodSpecHostNetwork),
asFlag(FeaturePodSpecHostPID, &nc.PodSpecHostPID),
asFlag(FeaturePodSpecHostPath, &nc.PodSpecVolumesHostPath),
asFlag(FeaturePodSpecInitContainers, &nc.PodSpecInitContainers),
asFlag(FeaturePodSpecNodeSelector, &nc.PodSpecNodeSelector),
asFlag(FeaturePodSpecPVClaim, &nc.PodSpecPersistentVolumeClaim),
asFlag(FeaturePodSpecPriorityClassName, &nc.PodSpecPriorityClassName),
asFlag(FeaturePodSpecRuntimeClassName, &nc.PodSpecRuntimeClassName),
asFlag(FeaturePodSpecSchedulerName, &nc.PodSpecSchedulerName),
asFlag(FeaturePodSpecSecurityContext, &nc.PodSpecSecurityContext),
asFlag(FeaturePodSpecShareProcessNamespace, &nc.PodSpecShareProcessNamespace),
asFlag(FeaturePodSpecTolerations, &nc.PodSpecTolerations),
asFlag(FeaturePodSpecTopologySpreadConstraints, &nc.PodSpecTopologySpreadConstraints),
); err != nil {
return nil, err
}
return nc, nil
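Review bot: `asFlag(FeaturePodSpecHostIPC, &nc.PodSpecHostIPC),` appears on two consecutive lines of the rewritten `cm.Parse` argument list; the old list also registered `kubernetes.podspec-hostipc` twice, so this looks like a carry-over and the second line can be dropped. In the same list `kubernetes.podspec-dryrun` is still passed as a string literal although the new const block defines `FeaturePodSpecDryRun`; it should read `asFlag(FeaturePodSpecDryRun, &nc.PodSpecDryRun),`. `kubernetes.podspec-persistent-volume-write` has no constant at all. Several of these keys gate host-level pod settings (hostPath, hostNetwork, hostPID, hostIPC, added capabilities), so any remaining literal is a place where key drift could go unnoticed, as it did for `shareproccessnamespace` in the CRD descriptions this commit corrects. The page does not mark added and removed lines, so this reading is inferred from the ordering and the hunk counts; `NewFeaturesConfigFromMap` begins outside the hunk.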