From 9ace32d2e43db5b8b84467014bdf8bb7766a78ae Mon Sep 17 00:00:00 2001 
From: Stavros Kontopoulos Date: Wed, 1 Jun 2022 14:21:56 +0300 Subject: [PATCH] bump manifests for serving --- ...erless-operator.clusterserviceversion.yaml | 84 +-- olm-catalog/serverless-operator/project.yaml | 6 +- .../kodata/ingress/1.3/0-kourier.yaml | 503 ++++++++++++++++++ .../ingress/1.3/0-networkpolicy-mesh.yaml | 63 +++ .../kodata/ingress/1.3/1-200-clusterrole.yaml | 30 ++ .../kodata/ingress/1.3/1-config-network.yaml | 193 +++++++ .../ingress/1.3/2-400-config-istio.yaml | 78 +++ .../kodata/ingress/1.3/3-500-controller.yaml | 89 ++++ .../ingress/1.3/4-500-webhook-deployment.yaml | 83 +++ .../ingress/1.3/5-500-webhook-secret.yaml | 25 + .../ingress/1.3/6-500-webhook-service.yaml | 40 ++ .../ingress/1.3/7-600-mutating-webhook.yaml | 38 ++ .../ingress/1.3/8-600-validating-webhook.yaml | 39 ++ .../{1.2.0 => 1.3.0}/1-serving-crds.yaml | 58 +- .../{1.2.0 => 1.3.0}/2-serving-core.yaml | 308 ++++++----- .../{1.2.0 => 1.3.0}/3-serving-hpa.yaml | 12 +- .../4-serving-post-install-jobs.yaml | 8 +- .../hack/001-serving-namespace-deletion.patch | 10 +- .../hack/002-openshift-serving-role.patch | 6 +- .../hack/003-serving-pdb.patch | 14 +- .../hack/007-networkpolicy-mesh.patch | 4 +- .../hack/008-kourier-rollout.patch | 8 +- openshift/ci-operator/source-image/Dockerfile | 2 +- 23 files changed, 1445 insertions(+), 256 deletions(-) create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-200-clusterrole.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-config-network.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/2-400-config-istio.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/3-500-controller.yaml create mode 100644 
openshift-knative-operator/cmd/operator/kodata/ingress/1.3/4-500-webhook-deployment.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/5-500-webhook-secret.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/6-500-webhook-service.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/7-600-mutating-webhook.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.3/8-600-validating-webhook.yaml rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.2.0 => 1.3.0}/1-serving-crds.yaml (99%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.2.0 => 1.3.0}/2-serving-core.yaml (97%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.2.0 => 1.3.0}/3-serving-hpa.yaml (92%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.2.0 => 1.3.0}/4-serving-post-install-jobs.yaml (91%) diff --git a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml index 706d5d510a..273a89f60f 100644 --- a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml +++ b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml 
@@ -430,33 +430,33 @@ spec: - name: SERVICE_MONITOR_RBAC_MANIFEST_PATH value: "/var/run/ko/monitoring/rbac-proxy.yaml" - name: "IMAGE_queue-proxy" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-queue" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue" - name: "IMAGE_activator" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-activator" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator" - name: "IMAGE_autoscaler" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler-hpa" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-controller" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller" - name: "IMAGE_webhook__webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-webhook" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook" - name: "IMAGE_domain-mapping" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping" - name: "IMAGE_domainmapping-webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-1.2.0__migrate" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-storage-version-migration" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook" + 
- name: "IMAGE_storage-version-migration-serving-serving-1.3.0__migrate" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration" - name: "IMAGE_kourier-gateway" value: "quay.io/maistra/proxyv2-ubi8:2.1.0" - name: "IMAGE_kourier-control" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-kourier-controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-istio-controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-controller" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller" - name: "IMAGE_net-istio-webhook__webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-webhook" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook" - name: "IMAGE_eventing-controller__eventing-controller" value: "registry.ci.openshift.org/openshift/knative-v1.2.1:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" 
@@ -573,33 +573,33 @@ spec: - name: SOURCES_GENERATE_SERVICE_MONITORS value: "true" - name: "IMAGE_queue-proxy" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-queue" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue" - name: "IMAGE_activator" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-activator" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator" - name: "IMAGE_autoscaler" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler-hpa" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-controller" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller" - name: "IMAGE_webhook__webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-webhook" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook" - name: "IMAGE_domain-mapping" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping" - name: "IMAGE_domainmapping-webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-1.2.0__migrate" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-storage-version-migration" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook" + - name: 
"IMAGE_storage-version-migration-serving-serving-1.3.0__migrate" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration" - name: "IMAGE_kourier-gateway" value: "quay.io/maistra/proxyv2-ubi8:2.1.0" - name: "IMAGE_kourier-control" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-kourier-controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-istio-controller__controller" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-controller" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller" - name: "IMAGE_net-istio-webhook__webhook" - value: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-webhook" + value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook" - name: "IMAGE_eventing-controller__eventing-controller" value: "registry.ci.openshift.org/openshift/knative-v1.2.1:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" 
@@ -812,33 +812,33 @@ spec: # This reference will be replaced in local builds and CI via hack/lib/catalogsource.bash. image: registry.ci.openshift.org/knative/openshift-serverless-nightly:knative-openshift-ingress - name: "IMAGE_queue-proxy" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-queue" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue" - name: "IMAGE_activator" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-activator" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator" - name: "IMAGE_autoscaler" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-autoscaler-hpa" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller__controller" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-controller" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller" - name: "IMAGE_webhook__webhook" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-webhook" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook" - name: "IMAGE_domain-mapping" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping" - name: "IMAGE_domainmapping-webhook" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-domain-mapping-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-1.2.0__migrate" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-storage-version-migration" + image: 
"registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook" + - name: "IMAGE_storage-version-migration-serving-serving-1.3.0__migrate" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration" - name: "IMAGE_kourier-gateway" image: "quay.io/maistra/proxyv2-ubi8:2.1.0" - name: "IMAGE_kourier-control" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-kourier-controller__controller" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:kourier" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier" - name: "IMAGE_net-istio-controller__controller" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-controller" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller" - name: "IMAGE_net-istio-webhook__webhook" - image: "registry.ci.openshift.org/openshift/knative-v1.2.0:net-istio-webhook" + image: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook" - name: "IMAGE_eventing-controller__eventing-controller" image: "registry.ci.openshift.org/openshift/knative-v1.2.1:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" diff --git a/olm-catalog/serverless-operator/project.yaml b/olm-catalog/serverless-operator/project.yaml index aa6ec31a6c..71ba763a65 100644 --- a/olm-catalog/serverless-operator/project.yaml +++ b/olm-catalog/serverless-operator/project.yaml @@ -22,9 +22,9 @@ requirements: label: 'v4.6' dependencies: - serving: 1.2.0 - kourier: 1.2.0 - net_istio: 1.2.0 + serving: 1.3.0 + kourier: 1.3.0 + net_istio: 1.3.0 maistra: 2.1.0 eventing: 1.2.1 diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml new file mode 100644 index 0000000000..0da953191e --- /dev/null 
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml 
@@ -0,0 +1,503 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ serving.knative.dev/release: "v1.3.0"
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kourier-bootstrap
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+data:
+ envoy-bootstrap.yaml: |
+ dynamic_resources:
+ ads_config:
+ transport_api_version: V3
+ api_type: GRPC
+ rate_limit_settings: {}
+ grpc_services:
+ - envoy_grpc: {cluster_name: xds_cluster}
+ cds_config:
+ resource_api_version: V3
+ ads: {}
+ lds_config:
+ resource_api_version: V3
+ ads: {}
+ node:
+ cluster: kourier-knative
+ id: 3scale-kourier-gateway
+ static_resources:
+ listeners:
+ - name: stats_listener
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 9000
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: stats_server
+ http_filters:
+ - name: envoy.filters.http.router
+ route_config:
+ virtual_hosts:
+ - name: admin_interface
+ domains:
+ - "*"
+ routes:
+ - match:
+ safe_regex:
+ google_re2: {}
+ regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
+ headers:
+ - name: ':method'
+ exact_match: GET
+ route:
+ cluster: service_stats
+ clusters:
+ - name: service_stats
+ connect_timeout: 0.250s
+ type: static
+ load_assignment:
+ cluster_name: service_stats
+ endpoints:
+ lb_endpoints:
+ endpoint:
+ address:
+ pipe:
+ path: /tmp/envoy.admin
+ - name: xds_cluster
+ connect_timeout: 1s
+ type: strict_dns
+ load_assignment:
+ cluster_name: xds_cluster
+ endpoints:
+ lb_endpoints:
+ endpoint:
+ address:
+ socket_address:
+ address: "net-kourier-controller"
+ port_value: 18000
+ http2_protocol_options: {}
+ type: STRICT_DNS
+ admin:
+ access_log_path: "/dev/stdout"
+ address:
+ pipe:
+ path: /tmp/envoy.admin
+
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # Specifies whether requests reaching the Kourier gateway
+ # in the context of services should be logged. Readiness
+ # probes etc. must be configured via the bootstrap config.
+ enable-service-access-logging: "true"
+
+ # Specifies whether to use proxy-protocol in order to safely
+ # transport connection information such as a client's address
+ # across multiple layers of TCP proxies.
+ # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE
+ enable-proxy-protocol: "false"
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: net-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: net-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["pods", "endpoints", "services", "secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["networking.internal.knative.dev"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch", "patch"]
+ - apiGroups: ["networking.internal.knative.dev"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: net-kourier
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: net-kourier
+subjects:
+ - kind: ServiceAccount
+ name: net-kourier
+ namespace: knative-serving
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: net-kourier-controller
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 100%
+ replicas: 1
+ selector:
+ matchLabels:
+ app: net-kourier-controller
+ template:
+ metadata:
+ labels:
+ app: net-kourier-controller
+ spec:
+ containers:
+ - image: TO_BE_REPLACED
+ name: controller
+ env:
+ - name: CERTS_SECRET_NAMESPACE
+ value: ""
+ - name: CERTS_SECRET_NAME
+ value: ""
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: METRICS_DOMAIN
+ value: "knative.dev/samples"
+ - name: KOURIER_GATEWAY_NAMESPACE
+ value: "kourier-system"
+ ports:
+ - name: http2-xds
+ containerPort: 18000
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command: ["/ko-app/kourier", "-probe-addr=:18000"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - all
+ restartPolicy: Always
+ serviceAccountName: net-kourier
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: net-kourier-controller
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+spec:
+ ports:
+ - name: grpc-xds
+ port: 18000
+ protocol: TCP
+ targetPort: 18000
+ selector:
+ app: net-kourier-controller
+ type: ClusterIP
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: 3scale-kourier-gateway
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 100%
+ selector:
+ matchLabels:
+ app: 3scale-kourier-gateway
+ template:
+ metadata:
+ labels:
+ app: 3scale-kourier-gateway
+ annotations:
+ # v0.26 supports envoy v3 API, so
+ # adding this label to restart pod.
+ networking.knative.dev/poke: "v0.26"
+ spec:
+ containers:
+ - args:
+ - --base-id 1
+ - -c /tmp/config/envoy-bootstrap.yaml
+ - --log-level info
+ command:
+ - /usr/local/bin/envoy
+ image: TO_BE_REPLACED
+ name: kourier-gateway
+ ports:
+ - name: http2-external
+ containerPort: 8080
+ protocol: TCP
+ - name: http2-internal
+ containerPort: 8081
+ protocol: TCP
+ - name: https-external
+ containerPort: 8443
+ protocol: TCP
+ - name: http-probe
+ containerPort: 8090
+ protocol: TCP
+ - name: https-probe
+ containerPort: 9443
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ capabilities:
+ drop:
+ - all
+ volumeMounts:
+ - name: config-volume
+ mountPath: /tmp/config
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "curl -X POST --unix /tmp/envoy.admin http://localhost/healthcheck/fail; sleep 15"]
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: Host
+ value: internalkourier
+ path: /ready
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ volumes:
+ - name: config-volume
+ configMap:
+ name: kourier-bootstrap
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kourier
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+spec:
+ ports:
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ app: 3scale-kourier-gateway
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kourier-internal
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.3.0"
+ app.kubernetes.io/name: knative-serving
+ serving.knative.dev/release: "v1.3.0"
+spec:
+ ports:
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 8081
+ selector:
+ app: 3scale-kourier-gateway
+ type: ClusterIP
+
+---
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml
new file mode 100644
index 0000000000..83d6e409c9
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml
@@ -0,0 +1,63 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: webhook
+ labels:
+ app: webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: net-istio-webhook
+ labels:
+ app: net-istio-webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: net-istio-webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: domainmapping-webhook
+ labels:
+ app: domainmapping-webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: domainmapping-webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-openshift-monitoring-ns
+ namespace: knative-serving
+ labels:
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: "openshift-monitoring"
+ podSelector: {}
+ policyTypes:
+ - Ingress
+---
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-200-clusterrole.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-200-clusterrole.yaml
new file mode 100644
index 0000000000..caa4b983b7
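Review bot: The `stats_listener` in the `kourier-bootstrap` ConfigMap binds `0.0.0.0:9000` and forwards any unauthenticated GET matching `/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?` to the Envoy admin pipe, so every workload that can reach the gateway pod IP can read certificate details and the cluster and listener layout. Nothing in this file limits ingress to that port in `kourier-system`; if only metrics scraping is needed, consider narrowing the route to something like `regex: '/(stats/prometheus|ready)'` or adding a NetworkPolicy for port 9000. The `kourier-gateway` container also sets `readOnlyRootFilesystem: false` and `runAsNonRoot: false` while the controller sets both to true; a comment giving the reason (presumably the admin socket at `/tmp/envoy.admin`) would help, e.g. `# writable rootfs: envoy creates /tmp/envoy.admin`. If this manifest is imported from upstream net-kourier, the change probably belongs in a `hack/` patch like the ones listed in the diffstat.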
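Review bot: The `allow-from-openshift-monitoring-ns` policy picks its source namespace by the free-form label `name: "openshift-monitoring"`, so any namespace that carries that label is admitted to every pod in `knative-serving` (`podSelector: {}`). Where the supported cluster versions set the automatic `kubernetes.io/metadata.name` label, matching on `kubernetes.io/metadata.name: openshift-monitoring` ties the rule to the namespace name rather than to a label someone can apply. The three webhook policies above it omit `metadata.namespace` and `policyTypes` while this one sets both; presumably the operator injects the namespace, and a one-line comment such as `# namespace is set by the operator at apply time` would make that explicit.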
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-200-clusterrole.yaml
@@ -0,0 +1,30 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # These are the permissions needed by the Istio Ingress implementation.
+ name: knative-serving-istio
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ serving.knative.dev/release: devel
+ serving.knative.dev/controller: "true"
+ networking.knative.dev/ingress-provider: istio
+rules:
+ - apiGroups: ["networking.istio.io"]
+ resources: ["virtualservices", "gateways", "destinationrules"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-config-network.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-config-network.yaml
new file mode 100644
index 0000000000..47820178d3
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/1-config-network.yaml
@@ -0,0 +1,193 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-network + namespace: knative-serving + labels: + networking.knative.dev/ingress-provider: kourier + app.kubernetes.io/component: kourier + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + annotations: + knative.dev/example-checksum: "ddc3250f" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # ingress-class specifies the default ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the Ingress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. 
+ ingress-class: "istio.ingress.networking.knative.dev" + + # certificate-class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certifcate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" + + # domain-template specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". + # + # Valid variables defined in the template include Name, Namespace, Domain, + # Labels, and Annotations. Name will be the result of the tagTemplate + # below, if a tag is specified for the route. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. 
In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} or {{.Labels}} can be used for any customization in the + # go template if needed. + # We strongly recommend keeping namespace part of the template to avoid + # domain name clashes: + # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template + # would be {Name}-{Namespace}.foo.{Domain} + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tagTemplate specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domainTemplate above to determine the full URL for the tag. + tag-template: "{{.Tag}}-{{.Name}}" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate external TLS connection. + # 1. Enabled: enabling auto-TLS feature. + # 2. Disabled: disabling auto-TLS feature. + auto-tls: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires autoTLS to be enabled. + # 1. Enabled: The Knative ingress will be able to serve HTTP connection. + # 2. Redirected: The Knative ingress will send a 301 redirect for all + # http connections, asking the clients to use HTTPS. + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" + + # rollout-duration contains the minimal duration in seconds over which the + # Configuration traffic targets are rolled out to the newest revision. 
+ rollout-duration: "0" + + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should + # be automatically created (and deleted) as needed when DomainMappings are + # reconciled. + # + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" + + # If true, networking plugins can add additional information to deployed + # applications to make their pods directly accessible via their IPs even if mesh is + # enabled and thus direct-addressability is usually not possible. + # Consumers like Knative Serving can use this setting to adjust their behavior + # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if autoTLS is not enabled. 
+ # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" + + # The CA public certificate used to sign the activator TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It is available only when "activator-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-san: "" diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/2-400-config-istio.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/2-400-config-istio.yaml new file mode 100644 index 0000000000..7f1db3386e --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/2-400-config-istio.yaml 
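Review bot: The `labels` map of the `config-network` ConfigMap sets `app.kubernetes.io/component` twice, first to `kourier` and then to `networking`. Duplicate mapping keys are not valid YAML: lenient loaders keep the last value and strict ones reject the document, so the effective label depends on the tool that reads this manifest. Keep a single entry, for example drop `app.kubernetes.io/component: kourier` if `networking` is the intended value. The `_example` text says the default ingress is Istio while the object is labelled `networking.knative.dev/ingress-provider: kourier`, so a one-line comment stating which provider this copy belongs to would help the next reader.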
@@ -0,0 +1,78 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-istio + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +data: + # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. + + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # A gateway and Istio service to serve external traffic. + # The configuration format should be + # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. 
+ # The {{gateway_namespace}} is optional; when it is omitted, the system will search for + # the gateway in the serving system namespace `knative-serving` + gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + + # A cluster local gateway to allow pods outside of the mesh to access + # Services and Routes not exposing through an ingress. If the users + # do have a service mesh setup, this isn't required and can be removed. + # + # An example use case is when users want to use Istio without any + # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod + # is outside of the service mesh in that case, a cluster-local service + # will need to be exposed to a cluster-local gateway to be accessible. + # The configuration format should be `local-gateway.{{local_gateway_namespace}}. + # {{local_gateway_name}}: "{{cluster_local_gateway_name}}. + # {{cluster_local_gateway_namespace}}.svc.cluster.local"`. The + # {{local_gateway_namespace}} is optional; when it is omitted, the system + # will search for the local gateway in the serving system namespace + # `knative-serving` + local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" + + # DEPRECATED: local-gateway.mesh is deprecated. + # See: https://github.com/knative/serving/issues/11523 + # + # To use only Istio service mesh and no knative-local-gateway, replace + # all local-gateway.* entries by the following entry. + local-gateway.mesh: "mesh" + + # If true, knative will use the Istio VirtualService's status to determine + # endpoint readiness. Otherwise, probe as usual. + # NOTE: This feature is currently experimental and should not be used in production. + enable-virtualservice-status: "false" 
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/3-500-controller.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/3-500-controller.yaml
new file mode 100644
index 0000000000..2c59e5e2da
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/3-500-controller.yaml
@@ -0,0 +1,89 @@ +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: net-istio-controller + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: net-istio-controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + # This must be outside of the mesh to probe the gateways. + # NOTE: this is allowed here and not elsewhere because + # this is the Istio controller, and so it may be Istio-aware. + sidecar.istio.io/inject: "false" + labels: + app: net-istio-controller + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + spec: + serviceAccountName: controller + containers: + - name: controller + # This is the Go import path for the binary that is containerized + # and substituted here. 
+ image: TO_BE_REPLACED + + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/net-istio + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + +# Unlike other controllers, this doesn't need a Service defined for metrics and +# profiling because it opts out of the mesh (see annotation above). diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/4-500-webhook-deployment.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/4-500-webhook-deployment.yaml new file mode 100644 index 0000000000..64afedd15f --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/4-500-webhook-deployment.yaml 
@@ -0,0 +1,83 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: net-istio-webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: net-istio-webhook + role: net-istio-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: net-istio-webhook + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + spec: + serviceAccountName: controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. 
+ image: TO_BE_REPLACED + + resources: + requests: + cpu: 20m + memory: 20Mi + limits: + cpu: 200m + memory: 200Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/net-istio + - name: WEBHOOK_NAME + value: net-istio-webhook + + securityContext: + allowPrivilegeEscalation: false + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/5-500-webhook-secret.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/5-500-webhook-secret.yaml new file mode 100644 index 0000000000..f5dc30095e --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/5-500-webhook-secret.yaml @@ -0,0 +1,25 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: net-istio-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio 
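Review bot: The `webhook` container in 4-500-webhook-deployment.yaml sets only `allowPrivilegeEscalation: false`, whereas the `controller` container in 3-500-controller.yaml in this same commit also sets a read-only root filesystem, `runAsNonRoot: true` and drops all capabilities. The webhook serves admission requests on port 8443, so it should get at least the same hardening unless it needs a writable root filesystem, which is not visible in this diff. The lines below are copied from the controller manifest. The pod also runs as `serviceAccountName: controller`; if that account holds the controller's cluster-wide permissions, a dedicated account for the webhook would reduce what a compromise of this pod exposes.

```yaml
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - all
```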
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/6-500-webhook-service.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/6-500-webhook-service.yaml new file mode 100644 index 0000000000..26502ff632 --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/6-500-webhook-service.yaml @@ -0,0 +1,40 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: net-istio-webhook + namespace: knative-serving + labels: + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: net-istio-webhook diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/7-600-mutating-webhook.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/7-600-mutating-webhook.yaml new file mode 100644 index 0000000000..8db68fd924 --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/7-600-mutating-webhook.yaml 
@@ -0,0 +1,38 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + objectSelector: + matchExpressions: + - {key: "serving.knative.dev/configuration", operator: Exists} + name: webhook.istio.networking.internal.knative.dev diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/8-600-validating-webhook.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/8-600-validating-webhook.yaml new file mode 100644 index 0000000000..df8b7c449f --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/8-600-validating-webhook.yaml 
@@ -0,0 +1,39 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.istio.networking.internal.knative.dev + objectSelector: + matchLabels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: net-istio diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/1-serving-crds.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml similarity index 99% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/1-serving-crds.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml index 43efbbd8de..ac3082a7f1 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/1-serving-crds.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml 
@@ -18,8 +18,8 @@ metadata: name: certificates.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -78,8 +78,8 @@ metadata: name: configurations.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -532,10 +532,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -786,8 +782,8 @@ metadata: name: clusterdomainclaims.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -837,8 +833,8 @@ metadata: name: domainmappings.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -1108,8 +1104,8 @@ metadata: name: ingresses.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1169,8 +1165,8 @@ metadata: name: metrics.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1293,8 +1289,8 @@ metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1454,8 +1450,8 @@ metadata: name: revisions.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev 
@@ -1887,10 +1883,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -2170,8 +2162,8 @@ metadata: name: routes.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2345,8 +2337,8 @@ metadata: name: serverlessservices.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -2417,8 +2409,8 @@ metadata: name: services.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" 
@@ -2875,10 +2867,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -3190,7 +3178,7 @@ metadata: name: images.caching.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml similarity index 97% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml index fef3b54774..6053e56c0b 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml @@ -21,8 +21,8 @@ metadata: # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving aggregationRule: clusterRoleSelectors: 
@@ -34,8 +34,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" @@ -74,8 +74,8 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] @@ -91,8 +91,8 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] @@ -108,8 +108,8 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] @@ -137,8 +137,8 @@ metadata: name: knative-serving-core labels: serving.knative.dev/controller: "true" - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] 
@@ -192,8 +192,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" @@ -232,8 +232,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -241,8 +241,8 @@ metadata: name: knative-serving-admin labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -255,8 +255,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" subjects: - kind: ServiceAccount name: controller @@ -273,8 +273,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" subjects: - kind: ServiceAccount name: controller @@ -305,7 +305,7 @@ metadata: name: images.caching.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev 
@@ -359,8 +359,8 @@ metadata: name: certificates.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -419,8 +419,8 @@ metadata: name: configurations.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -873,10 +873,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -1127,8 +1123,8 @@ metadata: name: clusterdomainclaims.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -1178,8 +1174,8 @@ metadata: name: domainmappings.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -1449,8 +1445,8 @@ metadata: name: ingresses.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1510,8 +1506,8 @@ metadata: name: metrics.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1634,8 +1630,8 @@ metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1795,8 +1791,8 @@ metadata: name: revisions.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev 
@@ -2228,10 +2224,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -2511,8 +2503,8 @@ metadata: name: routes.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2686,8 +2678,8 @@ metadata: name: serverlessservices.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -2758,8 +2750,8 @@ metadata: name: services.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" 
@@ -3216,10 +3208,6 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - maxDurationSeconds: - description: MaxDurationSeconds is the maximum duration in seconds a request will be allowed to stay open. - type: integer - format: int64 serviceAccountName: description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string @@ -3533,8 +3521,8 @@ metadata: labels: app.kubernetes.io/component: queue-proxy app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. @@ -3563,8 +3551,8 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "16af78ce" data: @@ -3775,8 +3763,8 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "a0feb4c6" data: @@ -3919,8 +3907,8 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "dd7ee769" data: 
@@ -4023,8 +4011,8 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "81552d0b" data: @@ -4089,8 +4077,8 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "d9e300ba" data: @@ -4252,10 +4240,10 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: - knative.dev/example-checksum: "51b4d68a" + knative.dev/example-checksum: "45463e45" data: _example: | ################################ @@ -4296,6 +4284,7 @@ data: # # Example config to immediately collect any inactive revision: # min-non-active-revisions: "0" + # max-non-active-revisions: "0" # retain-since-create-time: "disabled" # retain-since-last-active-time: "disabled" # @@ -4353,8 +4342,8 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "f4b71f57" data: 
@@ -4414,11 +4403,12 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v1.2.0" - app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/component: logging app.kubernetes.io/name: knative-serving annotations: - knative.dev/example-checksum: "be93ff10" + knative.dev/example-checksum: "b0f3c6f2" data: _example: | ################################ @@ -4471,6 +4461,7 @@ data: loglevel.hpaautoscaler: "info" loglevel.net-certmanager-controller: "info" loglevel.net-istio-controller: "info" + loglevel.net-contour-controller: "info" --- # Copyright 2018 The Knative Authors @@ -4494,10 +4485,11 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: - knative.dev/example-checksum: "6e2033e0" + knative.dev/example-checksum: "ddc3250f" data: _example: | ################################ @@ -4648,6 +4640,22 @@ data: # Knative doesn't know about that otherwise. default-external-scheme: "http" + # The CA public certificate used to sign the activator TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It is available only when "activator-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-san: "" + --- # Copyright 2018 The Knative Authors # 
@@ -4670,8 +4678,9 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/component: observability + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "fed4756e" data: @@ -4779,8 +4788,9 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/component: tracing + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" annotations: knative.dev/example-checksum: "26614636" data: @@ -4837,8 +4847,8 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: minReplicas: 1 maxReplicas: 20 @@ -4866,8 +4876,8 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: minAvailable: 1 selector: @@ -4896,9 +4906,9 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving - serving.knative.dev/release: "v1.2.0" + serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: @@ -4913,8 +4923,8 @@ spec: role: activator app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: serviceAccountName: controller containers: 
@@ -4976,13 +4986,15 @@ spec: httpHeaders: - name: k-kubelet-probe value: "activator" - failureThreshold: 12 + periodSeconds: 5 + failureThreshold: 5 livenessProbe: httpGet: port: 8012 httpHeaders: - name: k-kubelet-probe value: "activator" + periodSeconds: 10 failureThreshold: 12 initialDelaySeconds: 15 # The activator (often) sits on the dataplane, and may proxy long (e.g. @@ -5002,9 +5014,9 @@ metadata: labels: app: activator app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving - serving.knative.dev/release: "v1.2.0" + serving.knative.dev/release: "v1.3.0" spec: selector: app: activator @@ -5047,13 +5059,17 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: replicas: 1 selector: matchLabels: app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 template: metadata: annotations: @@ -5062,8 +5078,8 @@ spec: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5143,8 +5159,8 @@ metadata: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" name: autoscaler namespace: knative-serving spec: 
@@ -5185,8 +5201,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: @@ -5199,8 +5215,8 @@ spec: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5261,8 +5277,8 @@ metadata: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" name: controller namespace: knative-serving spec: @@ -5300,8 +5316,8 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: @@ -5314,8 +5330,8 @@ spec: app: domain-mapping app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5388,8 +5404,8 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: 
@@ -5404,8 +5420,8 @@ spec: role: domainmapping-webhook app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5491,8 +5507,8 @@ metadata: role: domainmapping-webhook app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" name: domainmapping-webhook namespace: knative-serving spec: @@ -5533,8 +5549,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: minReplicas: 1 maxReplicas: 5 @@ -5560,8 +5576,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: minAvailable: 1 selector: @@ -5589,9 +5605,9 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v1.2.0" + serving.knative.dev/release: "v1.3.0" app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving spec: selector: 
@@ -5605,9 +5621,9 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v1.2.0" + serving.knative.dev/release: "v1.3.0" app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -5694,9 +5710,9 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v1.2.0" + serving.knative.dev/release: "v1.3.0" app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/name: knative-serving name: webhook namespace: knative-serving @@ -5737,8 +5753,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5748,10 +5764,14 @@ webhooks: failurePolicy: Fail sideEffects: None name: config.webhook.serving.knative.dev - namespaceSelector: + objectSelector: matchExpressions: - - key: serving.knative.dev/release - operator: Exists + - key: app.kubernetes.io/name + operator: In + values: ["knative-serving"] + - key: app.kubernetes.io/component + operator: In + values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] timeoutSeconds: 10 --- @@ -5776,8 +5796,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: 
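Review bot: In the `config.webhook.serving.knative.dev` entry the `namespaceSelector` on `serving.knative.dev/release` is replaced by an `objectSelector`, so with `failurePolicy: Fail` unchanged, admission checking now depends on each object carrying both `app.kubernetes.io/name: knative-serving` and one of the six listed `app.kubernetes.io/component` values. This commit adds the `logging`, `networking`, `observability` and `tracing` component labels to the matching config objects, which keeps the shipped manifests in scope, but an object created without these labels would presumably no longer be validated, and a labelled object outside `knative-serving` would now be sent to the webhook. It is worth confirming that the operator's manifest transforms and the `hack/*.patch` files preserve both labels, and recording the dependency next to the selector, for example `# objects must keep app.kubernetes.io/name and app.kubernetes.io/component to be validated by this webhook`. The webhook's `rules` and the kind of the enclosing object are outside this hunk.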
@@ -5832,8 +5852,8 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5880,8 +5900,8 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" # The data is populated at install time. --- @@ -5906,8 +5926,8 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5954,8 +5974,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6012,8 +6032,8 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" # The data is populated at install time. --- 
diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/3-serving-hpa.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml similarity index 92% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/3-serving-hpa.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml index 92bfe3caf2..7c47f91fbe 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/3-serving-hpa.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml @@ -21,8 +21,8 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: @@ -35,8 +35,8 @@ spec: app: autoscaler-hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -94,8 +94,8 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" name: autoscaler-hpa namespace: knative-serving spec: 
diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/4-serving-post-install-jobs.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml similarity index 91% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/4-serving-post-install-jobs.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml index afcdf9e81f..abd0639d2e 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/4-serving-post-install-jobs.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml @@ -1,6 +1,6 @@ --- -# /tmp/tmp.81irKIiyR9/serving-storage-version-migration.yaml +# /tmp/tmp.q9YaFgoyCI/serving-storage-version-migration.yaml # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,8 +24,8 @@ metadata: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.2.0" - serving.knative.dev/release: "v1.2.0" + app.kubernetes.io/version: "1.3.0" + serving.knative.dev/release: "v1.3.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -37,7 +37,7 @@ spec: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" spec: serviceAccountName: controller restartPolicy: OnFailure diff --git a/openshift-knative-operator/hack/001-serving-namespace-deletion.patch b/openshift-knative-operator/hack/001-serving-namespace-deletion.patch index c9777c5bf8..f9e6dcb802 100644 --- a/openshift-knative-operator/hack/001-serving-namespace-deletion.patch +++ b/openshift-knative-operator/hack/001-serving-namespace-deletion.patch 
@@ -1,7 +1,7 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml index 218a3c7e..4f7af33d 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml @@ -1,26 +1,3 @@ -# Copyright 2018 The Knative Authors -# @@ -23,8 +23,8 @@ index 218a3c7e..4f7af33d 100644 - name: knative-serving - labels: - app.kubernetes.io/name: knative-serving -- app.kubernetes.io/version: "1.2.0" -- serving.knative.dev/release: "v1.2.0" +- app.kubernetes.io/version: "1.3.0" +- serving.knative.dev/release: "v1.3.0" - --- # Copyright 2019 The Knative Authors diff --git a/openshift-knative-operator/hack/002-openshift-serving-role.patch b/openshift-knative-operator/hack/002-openshift-serving-role.patch index 1705ad151f..d9ca0ebee6 100644 --- a/openshift-knative-operator/hack/002-openshift-serving-role.patch +++ b/openshift-knative-operator/hack/002-openshift-serving-role.patch 
@@ -1,7 +1,7 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml index 4f7af33d..4a5ce15f 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml @@ -5935,3 +5935,27 @@ metadata: # The data is populated at install time. diff --git a/openshift-knative-operator/hack/003-serving-pdb.patch b/openshift-knative-operator/hack/003-serving-pdb.patch index d8872b951c..abf165afc2 100644 --- a/openshift-knative-operator/hack/003-serving-pdb.patch +++ b/openshift-knative-operator/hack/003-serving-pdb.patch @@ -1,7 +1,7 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml index dd7a139c..fef3b547 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.2.0/2-serving-core.yaml +--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml 
 @@ -4858,7 +4858,7 @@ spec:
 # Activator PDB. Currently we permit unavailability of 20% of tasks at the same time.
 # Given the subsetting and that the activators are partially stateful systems, we want
@@ -12,8 +12,8 @@ index dd7a139c..fef3b547 100644
 metadata:
 name: activator-pdb
 @@ -4869,7 +4869,7 @@ metadata:
- app.kubernetes.io/version: "1.2.0"
- serving.knative.dev/release: "v1.2.0"
+ app.kubernetes.io/version: "1.3.0"
+ serving.knative.dev/release: "v1.3.0"
 spec:
 - minAvailable: 80%
 + minAvailable: 1
@@ -30,8 +30,8 @@ index dd7a139c..fef3b547 100644
 metadata:
 name: webhook-pdb
 @@ -5563,7 +5563,7 @@ metadata:
- app.kubernetes.io/version: "1.2.0"
- serving.knative.dev/release: "v1.2.0"
+ app.kubernetes.io/version: "1.3.0"
+ serving.knative.dev/release: "v1.3.0"
 spec:
 - minAvailable: 80%
 + minAvailable: 1
diff --git a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch
index f2f8e376f7..541d431e89 100644
--- a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch
+++ b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch
@@ -1,8 +1,8 @@
-diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-networkpolicy-mesh.yaml
+diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml
 new file mode 100644
 index 00000000..3d46fbed
 --- /dev/null
-+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-networkpolicy-mesh.yaml
++++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml
 @@ -0,0 +1,63 @@
 +apiVersion: networking.k8s.io/v1
 +kind: NetworkPolicy
diff --git a/openshift-knative-operator/hack/008-kourier-rollout.patch b/openshift-knative-operator/hack/008-kourier-rollout.patch
index 8fb3ae8a84..9ab7536ca2 100644
--- a/openshift-knative-operator/hack/008-kourier-rollout.patch
+++ b/openshift-knative-operator/hack/008-kourier-rollout.patch
@@ -1,10 +1,10 @@
-diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-kourier.yaml
+diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml
 index 7eb03ed2..019d4d18 100644
---- a/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-kourier.yaml
-+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.2/0-kourier.yaml
+--- a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml
++++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml
 @@ -260,6 +260,11 @@ metadata:
 app.kubernetes.io/name: knative-serving
- serving.knative.dev/release: "v1.2.0"
+ serving.knative.dev/release: "v1.3.0"
 spec:
 + strategy:
 + type: RollingUpdate
diff --git a/openshift/ci-operator/source-image/Dockerfile b/openshift/ci-operator/source-image/Dockerfile
index d774556ed9..d258b17c9b 100644
--- a/openshift/ci-operator/source-image/Dockerfile
+++ b/openshift/ci-operator/source-image/Dockerfile
@@ -1,7 +1,7 @@
 FROM src
 COPY oc /usr/bin/oc
-COPY --from=registry.ci.openshift.org/openshift/knative-v1.2.0:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/
+COPY --from=registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.2.1:knative-eventing-src /go/src/knative.dev/eventing/ /go/src/knative.dev/eventing/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.1.0:knative-eventing-kafka-src /go/src/knative.dev/eventing-kafka/ /go/src/knative.dev/eventing-kafka/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.2.3:knative-eventing-kafka-broker-src /go/src/knative.dev/eventing-kafka-broker/ /go/src/knative.dev/eventing-kafka-broker/