kubeflow
/
manifests
mirror of https://github.com/kubeflow/manifests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Knative to 0.22.1 (#1965) 

* serving: Update to v0.22.1

Fetch the yamls from:
1. https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml
2. https://github.com/knative-sandbox/net-istio/releases/download/v0.23.1/net-istio.yaml
3. https://github.com/knative/serving/releases/download/v0.22.1/serving-post-install-jobs.yaml

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* serving: Remove comments with yq

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* serving: Remove anchors and aliases

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* serving: Remove knative-ingress-gateway Gateway

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* serving: Update post-install job

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* eventing: Update to v0.22.1

Use yamls from https://github.com/knative/eventing/releases/tag/v0.22.1

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* eventing: Remove all comments with yq

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* eventing: Remove aliases and anchors

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* eventing: Update post-install job

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* kustomization: Fix namespace and commonLabels

Don't explicitly set the namespace in the kustomization, since there are
resources like the knative-local-gateway Service that need to be applied
in other namespaces.

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* Update the README

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* remove vim .swp file

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>

* review: Use string keys to work with kustomize 4.2

Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
This commit is contained in:
Kimonas Sotirchos 2021-08-23 21:08:57 +03:00 committed by GitHub
parent 9c12ae8094
commit 82c56ed2d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 4731 additions and 1259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
common/knative/README.md
View File

@ -4,8 +4,8 @@
The manifests for Knative Serving are based off the following:
- [Knative serving (v0.17.4)](https://github.com/knative/serving/releases/download/v0.17.4/serving-core.yaml)
- [Knative ingress controller for Istio (v0.17.1)](https://github.com/knative-sandbox/net-istio/releases/download/v0.17.1/net-istio.yaml)
- [Knative serving (v0.22.1)](https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml)
- [Knative ingress controller for Istio (v0.22.1)](https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml)
1. Download the knative-serving manifests with the following commands:
@ -13,9 +13,9 @@ The manifests for Knative Serving are based off the following:
```sh
# No need to install serving-crds.
# See: https://github.com/knative/serving/issues/9945
wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/v0.17.4/serving-core.yaml'
wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/v0.17.1/net-istio.yaml'
wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/v0.17.4/serving-post-install-jobs.yaml
wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml'
wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml'
wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/v0.22.1/serving-post-install-jobs.yaml
```
1. Remove all comments, since `yq` does not handle them correctly. See:
@ -57,27 +57,30 @@ The manifests for Knative Serving are based off the following:
### Changes from upstream
- In `knative-serving-install/base/upstream/net-istio.yaml`, the `knative-ingress-gateway` Gateway is removed since we use the Kubeflow gateway.
- In `knative-serving/base/upstream/net-istio.yaml`, the `knative-ingress-gateway` Gateway is removed since we use the Kubeflow gateway.
- In `config-istio`, the Knative gateway is set to use `gateway.kubeflow.kubeflow-gateway`.
- In `config-deployment`, `progressDeadline` is set to `600s` as sometimes large models need longer than
the default of `120s` to start the containers.
- In `knative-serving/base/upstream/net-istio.yaml` we explicitly changed the
`portLevelMtls.8443` keys to be string. This was necessary to make these
manifests work with kustomize 4.2 https://github.com/kubernetes-sigs/kustomize/issues/3446
## Knative-Eventing
The manifests for Knative Eventing are based off the the [v0.17.9 release](https://github.com/knative/eventing/releases/tag/v0.17.9).
The manifests for Knative Eventing are based off the the [v0.22.1 release](https://github.com/knative/eventing/releases/tag/v0.22.1).
- [Eventing Core](https://github.com/knative/eventing/releases/download/v0.17.9/eventing-core.yaml)
- [In-Memory Channel](https://github.com/knative/eventing/releases/download/v0.17.9/in-memory-channel.yaml)
- [MT Channel Broker](https://github.com/knative/eventing/releases/download/v0.17.9/mt-channel-broker.yaml)
- [Eventing Core](https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml)
- [In-Memory Channel](https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml)
- [MT Channel Broker](https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml)
1. Download the knative-serving manifests with the following commands:
```sh
wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/v0.17.9/eventing-core.yaml'
wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/v0.17.9/in-memory-channel.yaml'
wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/v0.17.9/mt-channel-broker.yaml'
wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/v0.17.9/eventing-post-install-jobs.yaml
wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml'
wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml'
wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml'
wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/v0.22.1/eventing-post-install-jobs.yaml
```
1. Remove all comments, since `yq` does not handle them correctly. See:

96
common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml
View File

@ -1,10 +1,48 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-eventing-post-install-job-role
labels:
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- "customresourcedefinitions"
- "customresourcedefinitions/status"
verbs:
- "get"
- "list"
- "update"
- "patch"
- "watch"
- apiGroups:
- "sources.knative.dev"
resources:
- "pingsources"
verbs:
- "get"
- "list"
- "create"
- "update"
- "delete"
- "patch"
- "watch"
- apiGroups:
- ""
resources:
- "namespaces"
verbs:
- "get"
- "list"
---
apiVersion: batch/v1
kind: Job
metadata:
name: v0.17.0-pingsource-cleanup
name: v0.22.0-pingsource-cleanup
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
ttlSecondsAfterFinished: 600
template:
@ -12,15 +50,65 @@ spec:
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: eventing-controller
serviceAccountName: knative-eventing-post-install-job
restartPolicy: Never
containers:
- name: pingsource
image: gcr.io/knative-releases/knative.dev/eventing/cmd/v0.17/pingsource-cleanup@sha256:b015e21c06c0f70d8805eddd89fdf545bddc105af23d91e83f0374d1da51e811
image: gcr.io/knative-releases/knative.dev/eventing/cmd/v0.22/pingsource-cleanup@sha256:837b8d5cfe38afa297d25e7aed30ec8df80f721a084d4fdcc614d65afde4c528
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: knative-eventing-post-install-job
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.22.1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knative-eventing-post-install-job-role-binding
labels:
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: knative-eventing-post-install-job
namespace: knative-eventing
roleRef:
kind: ClusterRole
name: knative-eventing-post-install-job-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: v0.21-storage-version-migration
namespace: knative-eventing
labels:
app: "storage-version-migration"
eventing.knative.dev/release: "v0.22.1"
spec:
ttlSecondsAfterFinished: 600
backoffLimit: 10
template:
metadata:
labels:
app: "storage-version-migration"
eventing.knative.dev/release: "v0.22.1"
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: knative-eventing-post-install-job
restartPolicy: OnFailure
containers:
- name: migrate
image: gcr.io/knative-releases/knative.dev/eventing/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ef150a99d5b18781746d3934f181a766b27a975cb7593d9283fbd040e9ebfe5b
args:
- "pingsources.sources.knative.dev"
---

3455
common/knative/knative-eventing/base/upstream/eventing-core.yaml
View File

File diff suppressed because it is too large Load Diff

468
common/knative/knative-eventing/base/upstream/in-memory-channel.yaml
View File

@ -4,7 +4,7 @@ metadata:
name: config-imc-event-dispatcher
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
data:
MaxIdleConnections: "1000"
MaxIdleConnectionsPerHost: "100"
@ -14,7 +14,7 @@ kind: ClusterRole
metadata:
name: imc-addressable-resolver
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
duck.knative.dev/addressable: "true"
rules:
- apiGroups:
@ -32,7 +32,7 @@ kind: ClusterRole
metadata:
name: imc-channelable-manipulator
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
duck.knative.dev/channelable: "true"
rules:
- apiGroups:
@ -53,7 +53,7 @@ kind: ClusterRole
metadata:
name: imc-controller
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- messaging.knative.dev
@ -71,6 +71,14 @@ rules:
- inmemorychannels/finalizers
verbs:
- update
- apiGroups:
- messaging.knative.dev
resources:
- inmemorychannels/finalizers
- inmemorychannels/status
- inmemorychannels
verbs:
- patch
- apiGroups:
- ""
resources:
@ -148,12 +156,20 @@ rules:
- update
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: imc-controller
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.22.1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: imc-dispatcher
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- messaging.knative.dev
@ -182,9 +198,11 @@ rules:
- apiGroups:
- messaging.knative.dev
resources:
- inmemorychannels/finalizers
- inmemorychannels/status
- inmemorychannels
verbs:
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
@ -203,7 +221,7 @@ metadata:
name: imc-dispatcher
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: dispatcher
spec:
@ -222,22 +240,14 @@ metadata:
name: imc-dispatcher
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: imc-controller
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: imc-controller
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: imc-controller
@ -252,7 +262,7 @@ kind: ClusterRoleBinding
metadata:
name: imc-dispatcher
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: imc-dispatcher
@ -267,7 +277,7 @@ kind: CustomResourceDefinition
metadata:
name: inmemorychannels.messaging.knative.dev
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
knative.dev/crd-install: "true"
messaging.knative.dev/subscribable: "true"
duck.knative.dev/addressable: "true"
@ -276,13 +286,186 @@ spec:
versions:
- name: v1beta1
served: true
storage: true
storage: false
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
spec:
description: Spec defines the desired state of the Channel.
type: object
properties:
delivery:
description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec.
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
subscribers:
description: This is the list of subscriptions for this subscribable.
type: array
items:
type: object
properties:
delivery:
description: DeliverySpec contains options controlling the event delivery
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
generation:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
replyUri:
description: ReplyURI is the endpoint for the reply
type: string
subscriberUri:
description: SubscriberURI is the endpoint for the subscriber
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
properties:
address:
type: object
properties:
url:
type: string
annotations:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
x-kubernetes-preserve-unknown-fields: true
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
type: object
properties:
lastTransitionTime:
description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
deadLetterChannel:
description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
format: int64
subscribers:
description: This is the list of subscription's statuses for this channel.
type: array
items:
type: object
properties:
message:
description: A human readable message indicating details of Ready status.
type: string
observedGeneration:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
ready:
description: Status of the subscriber.
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
additionalPrinterColumns:
- name: URL
type: string
@ -298,10 +481,6 @@ spec:
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
- subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: URL
type: string
@ -317,7 +496,184 @@ spec:
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
name: v1
served: true
storage: false
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
description: Spec defines the desired state of the Channel.
type: object
properties:
delivery:
description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec.
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
subscribers:
description: This is the list of subscriptions for this subscribable.
type: array
items:
type: object
properties:
delivery:
description: DeliverySpec contains options controlling the event delivery
type: object
properties:
backoffDelay:
description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*<numberOfRetries>. For exponential policy, backoff delay is backoffDelay*2^<numberOfRetries>.'
type: string
backoffPolicy:
description: BackoffPolicy is the retry backoff policy (linear, exponential).
type: string
deadLetterSink:
description: DeadLetterSink is the sink receiving event that could not be sent to a destination.
type: object
properties:
ref:
description: Ref points to an Addressable.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
uri:
description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
generation:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
replyUri:
description: ReplyURI is the endpoint for the reply
type: string
subscriberUri:
description: SubscriberURI is the endpoint for the subscriber
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
properties:
address:
type: object
properties:
url:
type: string
annotations:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
x-kubernetes-preserve-unknown-fields: true
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
type: object
properties:
lastTransitionTime:
description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
deadLetterChannel:
description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
format: int64
subscribers:
description: This is the list of subscription's statuses for this channel.
type: array
items:
type: object
properties:
message:
description: A human readable message indicating details of Ready status.
type: string
observedGeneration:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
ready:
description: Status of the subscriber.
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
names:
kind: InMemoryChannel
plural: inmemorychannels
@ -345,10 +701,9 @@ metadata:
name: imc-controller
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
knative.dev/high-availability: "true"
spec:
replicas: 1
selector:
matchLabels:
messaging.knative.dev/channel: in-memory-channel
@ -360,9 +715,10 @@ spec:
messaging.knative.dev/role: controller
spec:
serviceAccountName: imc-controller
enableServiceLinks: false
containers:
- name: controller
image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:d34ff1c1b15eed32277d5dcf98759ac1128108b90e95a89e0970a7d024f5524f
image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:904f42a768a9bc64999e7302d2bc7c1c48a08e74a82355cf57be513e6a124b82
env:
- name: CONFIG_LOGGING_NAME
value: config-logging
@ -375,7 +731,11 @@ spec:
fieldRef:
fieldPath: metadata.namespace
- name: DISPATCHER_IMAGE
value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:179418ba847e759d4b14d593a4e616c277a9b8c379cf151e139adf512e070ddd
value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
allowPrivilegeEscalation: false
ports:
@ -390,10 +750,9 @@ metadata:
name: imc-dispatcher
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
knative.dev/high-availability: "true"
spec:
replicas: 1
selector:
matchLabels:
messaging.knative.dev/channel: in-memory-channel
@ -404,10 +763,40 @@ spec:
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: dispatcher
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: dispatcher
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: imc-dispatcher
enableServiceLinks: false
containers:
- name: dispatcher
image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:179418ba847e759d4b14d593a4e616c277a9b8c379cf151e139adf512e070ddd
image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8080
scheme: HTTP
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8080
scheme: HTTP
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
initialDelaySeconds: 5
env:
- name: CONFIG_LOGGING_NAME
value: config-logging
@ -419,7 +808,20 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTAINER_NAME
value: dispatcher
- name: MAX_IDLE_CONNS
value: "1000"
- name: MAX_IDLE_CONNS_PER_HOST
value: "1000"
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9090
name: metrics
---

54
common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml
View File

@ -3,7 +3,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-mt-channel-broker-controller
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- ""
@ -29,7 +29,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-mt-broker-filter
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- eventing.knative.dev
@ -55,14 +55,14 @@ metadata:
name: mt-broker-filter
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-eventing-mt-broker-ingress
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
rules:
- apiGroups:
- eventing.knative.dev
@ -87,14 +87,14 @@ metadata:
name: mt-broker-ingress
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: eventing-mt-channel-broker-controller
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: eventing-controller
@ -109,7 +109,7 @@ kind: ClusterRoleBinding
metadata:
name: knative-eventing-mt-broker-filter
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: mt-broker-filter
@ -124,7 +124,7 @@ kind: ClusterRoleBinding
metadata:
name: knative-eventing-mt-broker-ingress
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
subjects:
- kind: ServiceAccount
name: mt-broker-ingress
@ -140,7 +140,7 @@ metadata:
name: mt-broker-filter
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
selector:
matchLabels:
@ -149,13 +149,14 @@ spec:
metadata:
labels:
eventing.knative.dev/brokerRole: filter
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
serviceAccountName: mt-broker-filter
enableServiceLinks: false
containers:
- name: filter
terminationMessagePolicy: FallbackToLogsOnError
image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtbroker/filter@sha256:3647e616db340bc572881e04fb0f128de900c817ff12ebdab02383b97da71bc3
image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:0e25aa1613a3a1779b3f7b7f863e651e5f37520a7f6808ccad2164cc2b6a9b12
readinessProbe:
failureThreshold: 3
httpGet:
@ -183,7 +184,7 @@ spec:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9090
- containerPort: 9092
name: metrics
protocol: TCP
terminationMessagePath: /dev/termination-log
@ -220,7 +221,7 @@ kind: Service
metadata:
labels:
eventing.knative.dev/brokerRole: filter
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
name: broker-filter
namespace: knative-eventing
spec:
@ -242,7 +243,7 @@ metadata:
name: mt-broker-ingress
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
selector:
matchLabels:
@ -251,13 +252,14 @@ spec:
metadata:
labels:
eventing.knative.dev/brokerRole: ingress
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
serviceAccountName: mt-broker-ingress
enableServiceLinks: false
containers:
- name: ingress
terminationMessagePolicy: FallbackToLogsOnError
image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtbroker/ingress@sha256:7520fbd1a38e9b2f6ce28b2ef7628c728d252e738b44fdf6b0f6055fa8f4d0d0
image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:cf579f88aa2a37c240e25bb886c1ef5404e326e12c7caf571e49308612243eee
readinessProbe:
failureThreshold: 3
httpGet:
@ -285,7 +287,7 @@ spec:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9090
- containerPort: 9092
name: metrics
protocol: TCP
terminationMessagePath: /dev/termination-log
@ -322,7 +324,7 @@ kind: Service
metadata:
labels:
eventing.knative.dev/brokerRole: ingress
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
name: broker-ingress
namespace: knative-eventing
spec:
@ -344,9 +346,8 @@ metadata:
name: mt-broker-controller
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
replicas: 1
selector:
matchLabels:
app: mt-broker-controller
@ -354,7 +355,7 @@ spec:
metadata:
labels:
app: mt-broker-controller
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
affinity:
podAntiAffinity:
@ -366,10 +367,11 @@ spec:
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: eventing-controller
enableServiceLinks: false
containers:
- name: mt-broker-controller
terminationMessagePolicy: FallbackToLogsOnError
image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:28cbe7aed7e32f34aa124b02f73fe8fd620230d0102574eceee9e0780704690c
image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:a2678934d280ea19b0804cc7757d559a0312e2acea221b17a99bd830cd9eeaac
resources:
requests:
cpu: 100m
@ -387,6 +389,10 @@ spec:
value: knative.dev/eventing
- name: BROKER_INJECTION_DEFAULT
value: "false"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
allowPrivilegeEscalation: false
ports:
@ -401,7 +407,7 @@ metadata:
name: broker-ingress-hpa
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
scaleTargetRef:
apiVersion: apps/v1
@ -423,7 +429,7 @@ metadata:
name: broker-filter-hpa
namespace: knative-eventing
labels:
eventing.knative.dev/release: "v0.17.9"
eventing.knative.dev/release: "v0.22.1"
spec:
scaleTargetRef:
apiVersion: apps/v1

4
common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml
View File

@ -5,7 +5,7 @@ metadata:
namespace: knative-serving
labels:
app: "storage-version-migration-serving"
serving.knative.dev/release: "v0.17.4"
serving.knative.dev/release: "v0.22.1"
name: storage-version-migration-serving
spec:
ttlSecondsAfterFinished: 600
@ -21,7 +21,7 @@ spec:
restartPolicy: OnFailure
containers:
- name: migrate
image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:2a4acab909144b9bd25869f74ff1eaf200d06f0543a20f8659a6c6a0791f275f
image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:dce9002c02d7abda2f7d4b656c28029ec172d085bb116f22936cb1e096c3d1c7
args:
- "services.serving.knative.dev"
- "configurations.serving.knative.dev"

21
common/knative/knative-serving/base/istio-authorization-policy.yaml
View File

@ -2,14 +2,12 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: activator-service
namespace: knative-serving
spec:
action: ALLOW
selector:
matchLabels:
app: activator
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
kustomize.component: knative
rules:
- {}
---
@ -17,14 +15,12 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: autoscaler
namespace: knative-serving
spec:
action: ALLOW
selector:
matchLabels:
app: autoscaler
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
kustomize.component: knative
rules:
- {}
---
@ -32,14 +28,12 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: controller
namespace: knative-serving
spec:
action: ALLOW
selector:
matchLabels:
app: controller
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
kustomize.component: knative
rules:
- {}
---
@ -47,13 +41,11 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: webhook
namespace: knative-serving
spec:
action: ALLOW
selector:
matchLabels:
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
kustomize.component: knative
role: webhook
rules:
- {}
@ -63,14 +55,12 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: istio-webhook
namespace: knative-serving
spec:
action: ALLOW
selector:
matchLabels:
app: istio-webhook
kustomize.component: knative
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
rules:
- {}
---
@ -80,6 +70,7 @@ apiVersion: "networking.istio.io/v1alpha3"
kind: DestinationRule
metadata:
name: knative
namespace: knative-serving
spec:
host: "*.knative-serving.svc.cluster.local"
trafficPolicy:

5
common/knative/knative-serving/base/kustomization.yaml
View File

@ -1,6 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: knative-serving
resources:
- upstream/serving-core.yaml
- upstream/net-istio.yaml
@ -9,10 +8,6 @@ patchesStrategicMerge:
- patches/configmap-patch.yaml
- patches/namespace-injection.yaml
- patches/clusterrole-patch.yaml
commonLabels:
kustomize.component: knative
app.kubernetes.io/component: knative-serving
app.kubernetes.io/name: knative-serving
patches:
- path: patches/sidecar-injection.yaml
target:

116
common/knative/knative-serving/base/upstream/net-istio.yaml
View File

@ -3,39 +3,104 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: knative-serving-istio
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
serving.knative.dev/controller: "true"
networking.knative.dev/ingress-provider: istio
rules:
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices", "gateways"]
resources: ["virtualservices", "gateways", "destinationrules"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cluster-local-gateway
name: knative-local-gateway
namespace: knative-serving
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
istio: cluster-local-gateway
istio: ingressgateway
servers:
- port:
number: 80
number: 8081
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: v1
kind: Service
metadata:
name: knative-local-gateway
namespace: istio-system
labels:
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
type: ClusterIP
selector:
istio: ingressgateway
ports:
- name: http2
port: 80
targetPort: 8081
---
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
name: "webhook"
namespace: "knative-serving"
labels:
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
matchLabels:
app: webhook
portLevelMtls:
"8443":
mode: PERMISSIVE
---
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
name: "domainmapping-webhook"
namespace: "knative-serving"
labels:
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
matchLabels:
app: domainmapping-webhook
portLevelMtls:
"8443":
mode: PERMISSIVE
---
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
name: "istio-webhook"
namespace: "knative-serving"
labels:
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
matchLabels:
app: istio-webhook
portLevelMtls:
"8443":
mode: PERMISSIVE
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.istio.networking.internal.knative.dev
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
@ -51,12 +116,12 @@ webhooks:
- {key: "serving.knative.dev/configuration", operator: Exists}
name: webhook.istio.networking.internal.knative.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.istio.networking.internal.knative.dev
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
@ -79,7 +144,7 @@ metadata:
name: istio-webhook-certs
namespace: knative-serving
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
---
apiVersion: v1
@ -88,7 +153,7 @@ metadata:
name: config-istio
namespace: knative-serving
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
data:
_example: |
@ -130,11 +195,15 @@ data:
# {{local_gateway_namespace}} is optional; when it is omitted, the system
# will search for the local gateway in the serving system namespace
# `knative-serving`
local-gateway.knative-serving.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local"
local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local"
# To use only Istio service mesh and no cluster-local-gateway, replace
# To use only Istio service mesh and no knative-local-gateway, replace
# all local-gateway.* entries by the following entry.
local-gateway.mesh: "mesh"
# If true, knative will use the Istio VirtualService's status to determine
# endpoint readiness. Otherwise, probe as usual.
enable-virtualservice-status: "false"
---
apiVersion: apps/v1
kind: Deployment
@ -142,7 +211,7 @@ metadata:
name: networking-istio
namespace: knative-serving
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@ -155,12 +224,12 @@ spec:
sidecar.istio.io/inject: "false"
labels:
app: networking-istio
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
spec:
serviceAccountName: controller
containers:
- name: networking-istio
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:d641b71dfc38afcbd30121b57f11cb3c489413b93166ae77d724da1b2a5f5759
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:ff8680da52ef47b8573ebc3393cbfa2f0f14b05c1e02232807f22699adbef57a
resources:
requests:
cpu: 30m
@ -181,6 +250,11 @@ spec:
value: knative.dev/net-istio
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- all
ports:
- name: metrics
containerPort: 9090
@ -193,7 +267,7 @@ metadata:
name: istio-webhook
namespace: knative-serving
labels:
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@ -207,12 +281,12 @@ spec:
labels:
app: istio-webhook
role: istio-webhook
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
spec:
serviceAccountName: controller
containers:
- name: webhook
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:23df9385de0f11ae3bfcdf03ed5e9935342a5433990ef2e515df5b418d978468
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:1e371db6b1a9f9265fc7a55d15d98c935c0c28925ffde351fb3b93f331c5a08e
resources:
requests:
cpu: 20m
@ -250,7 +324,7 @@ metadata:
namespace: knative-serving
labels:
role: istio-webhook
serving.knative.dev/release: "v0.17.1"
serving.knative.dev/release: "v0.22.1"
networking.knative.dev/ingress-provider: istio
spec:
ports:

1740
common/knative/knative-serving/base/upstream/serving-core.yaml
View File

File diff suppressed because it is too large Load Diff