From 88c31b325359eefc6e76f26ec87fee4278d4da5f Mon Sep 17 00:00:00 2001 
From: Stavros Kontopoulos Date: Fri, 22 Jul 2022 18:07:40 +0300 Subject: [PATCH 1/3] bump Serving manifests to 1.4.0 --- olm-catalog/serverless-operator/project.yaml | 8 +- .../kodata/ingress/1.4/0-kourier.yaml | 505 ++++++++++++++++++ .../ingress/1.4/0-networkpolicy-mesh.yaml | 63 +++ .../kodata/ingress/1.4/1-200-clusterrole.yaml | 29 + .../kodata/ingress/1.4/1-config-network.yaml | 224 ++++++++ .../ingress/1.4/2-400-config-istio.yaml | 77 +++ .../kodata/ingress/1.4/3-500-controller.yaml | 87 +++ .../ingress/1.4/4-500-webhook-deployment.yaml | 81 +++ .../ingress/1.4/5-500-webhook-secret.yaml | 24 + .../ingress/1.4/6-500-webhook-service.yaml | 39 ++ .../ingress/1.4/7-600-mutating-webhook.yaml | 37 ++ .../ingress/1.4/8-600-validating-webhook.yaml | 38 ++ .../{1.3.0 => 1.4.0}/1-serving-crds.yaml | 83 ++- .../{1.3.0 => 1.4.0}/2-serving-core.yaml | 292 +++++----- .../{1.3.0 => 1.4.0}/3-serving-hpa.yaml | 9 +- .../4-serving-post-install-jobs.yaml | 7 +- .../hack/007-networkpolicy-mesh.patch | 4 +- .../hack/008-kourier-rollout.patch | 14 +- 18 files changed, 1396 insertions(+), 225 deletions(-) create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-200-clusterrole.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-config-network.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/2-400-config-istio.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/3-500-controller.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/4-500-webhook-deployment.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/5-500-webhook-secret.yaml create mode 100644 
openshift-knative-operator/cmd/operator/kodata/ingress/1.4/6-500-webhook-service.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/7-600-mutating-webhook.yaml create mode 100644 openshift-knative-operator/cmd/operator/kodata/ingress/1.4/8-600-validating-webhook.yaml rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.3.0 => 1.4.0}/1-serving-crds.yaml (98%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.3.0 => 1.4.0}/2-serving-core.yaml (97%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.3.0 => 1.4.0}/3-serving-hpa.yaml (92%) rename openshift-knative-operator/cmd/operator/kodata/knative-serving/{1.3.0 => 1.4.0}/4-serving-post-install-jobs.yaml (91%) diff --git a/olm-catalog/serverless-operator/project.yaml b/olm-catalog/serverless-operator/project.yaml index cd65c3e0c0..8d2b7ecea4 100644 --- a/olm-catalog/serverless-operator/project.yaml +++ b/olm-catalog/serverless-operator/project.yaml @@ -23,13 +23,13 @@ requirements: label: 'v4.6' dependencies: - serving: 1.3.0 + serving: 1.4.0 # serving midstream branch name - serving_artifacts_branch: release-v1.3 + serving_artifacts_branch: release-v1.4 # versions for networking components - kourier: 1.3.0 - net_istio: 1.3.0 + kourier: 1.4.0 + net_istio: 1.4.0 maistra: 2.1.0 eventing: 1.3.2 diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml new file mode 100644 index 0000000000..6363adea84 --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml 
@@ -0,0 +1,505 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kourier-bootstrap
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+data:
+ envoy-bootstrap.yaml: |
+ dynamic_resources:
+ ads_config:
+ transport_api_version: V3
+ api_type: GRPC
+ rate_limit_settings: {}
+ grpc_services:
+ - envoy_grpc: {cluster_name: xds_cluster}
+ cds_config:
+ resource_api_version: V3
+ ads: {}
+ lds_config:
+ resource_api_version: V3
+ ads: {}
+ node:
+ cluster: kourier-knative
+ id: 3scale-kourier-gateway
+ static_resources:
+ listeners:
+ - name: stats_listener
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 9000
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: stats_server
+ http_filters:
+ - name: envoy.filters.http.router
+ route_config:
+ virtual_hosts:
+ - name: admin_interface
+ domains:
+ - "*"
+ routes:
+ - match:
+ safe_regex:
+ google_re2: {}
+ regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
+ headers:
+ - name: ':method'
+ exact_match: GET
+ route:
+ cluster: service_stats
+ clusters:
+ - name: service_stats
+ connect_timeout: 0.250s
+ type: static
+ load_assignment:
+ cluster_name: service_stats
+ endpoints:
+ lb_endpoints:
+ endpoint:
+ address:
+ pipe:
+ path: /tmp/envoy.admin
+ - name: xds_cluster
+ connect_timeout: 1s
+ type: strict_dns
+ load_assignment:
+ cluster_name: xds_cluster
+ endpoints:
+ lb_endpoints:
+ endpoint:
+ address:
+ socket_address:
+ address: "net-kourier-controller"
+ port_value: 18000
+ http2_protocol_options: {}
+ type: STRICT_DNS
+ admin:
+ access_log_path: "/dev/stdout"
+ address:
+ pipe:
+ path: /tmp/envoy.admin
+
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # Specifies whether requests reaching the Kourier gateway
+ # in the context of services should be logged. Readiness
+ # probes etc. must be configured via the bootstrap config.
+ enable-service-access-logging: "true"
+
+ # Specifies whether to use proxy-protocol in order to safely
+ # transport connection information such as a client's address
+ # across multiple layers of TCP proxies.
+ # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE
+ enable-proxy-protocol: "false"
+
+ # The server certificates to serve the internal TLS traffic for Kourier Gateway.
+ # It is specified by the secret name in controller namespace, which has
+ # the "tls.crt" and "tls.key" data field.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ cluster-cert-secret: ""
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: net-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: net-kourier
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["pods", "endpoints", "services", "secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["networking.internal.knative.dev"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch", "patch"]
+ - apiGroups: ["networking.internal.knative.dev"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: net-kourier
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: net-kourier
+subjects:
+ - kind: ServiceAccount
+ name: net-kourier
+ namespace: knative-serving
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: net-kourier-controller
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 100%
+ replicas: 1
+ selector:
+ matchLabels:
+ app: net-kourier-controller
+ template:
+ metadata:
+ labels:
+ app: net-kourier-controller
+ spec:
+ containers:
+ - image: TO_BE_REPLACED
+ name: controller
+ env:
+ - name: CERTS_SECRET_NAMESPACE
+ value: ""
+ - name: CERTS_SECRET_NAME
+ value: ""
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: METRICS_DOMAIN
+ value: "knative.dev/samples"
+ - name: KOURIER_GATEWAY_NAMESPACE
+ value: "kourier-system"
+ ports:
+ - name: http2-xds
+ containerPort: 18000
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command: ["/ko-app/kourier", "-probe-addr=:18000"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - all
+ restartPolicy: Always
+ serviceAccountName: net-kourier
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: net-kourier-controller
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ ports:
+ - name: grpc-xds
+ port: 18000
+ protocol: TCP
+ targetPort: 18000
+ selector:
+ app: net-kourier-controller
+ type: ClusterIP
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: 3scale-kourier-gateway
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 100%
+ selector:
+ matchLabels:
+ app: 3scale-kourier-gateway
+ template:
+ metadata:
+ labels:
+ app: 3scale-kourier-gateway
+ annotations:
+ # v0.26 supports envoy v3 API, so
+ # adding this label to restart pod.
+ networking.knative.dev/poke: "v0.26"
+ spec:
+ containers:
+ - args:
+ - --base-id 1
+ - -c /tmp/config/envoy-bootstrap.yaml
+ - --log-level info
+ command:
+ - /usr/local/bin/envoy
+ image: TO_BE_REPLACED
+ name: kourier-gateway
+ ports:
+ - name: http2-external
+ containerPort: 8080
+ protocol: TCP
+ - name: http2-internal
+ containerPort: 8081
+ protocol: TCP
+ - name: https-external
+ containerPort: 8443
+ protocol: TCP
+ - name: http-probe
+ containerPort: 8090
+ protocol: TCP
+ - name: https-probe
+ containerPort: 9443
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ capabilities:
+ drop:
+ - all
+ volumeMounts:
+ - name: config-volume
+ mountPath: /tmp/config
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "curl -X POST --unix /tmp/envoy.admin http://localhost/healthcheck/fail; sleep 15"]
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: Host
+ value: internalkourier
+ path: /ready
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ volumes:
+ - name: config-volume
+ configMap:
+ name: kourier-bootstrap
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kourier
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ ports:
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ app: 3scale-kourier-gateway
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kourier-internal
+ namespace: kourier-system
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: net-kourier
+ app.kubernetes.io/version: "1.4.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ ports:
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 8081
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8444
+ selector:
+ app: 3scale-kourier-gateway
+ type: ClusterIP
+
+---
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml
new file mode 100644
index 0000000000..83d6e409c9
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml
@@ -0,0 +1,63 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: webhook
+ labels:
+ app: webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: net-istio-webhook
+ labels:
+ app: net-istio-webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: net-istio-webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: domainmapping-webhook
+ labels:
+ app: domainmapping-webhook
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ podSelector:
+ matchLabels:
+ app: domainmapping-webhook
+ ingress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-openshift-monitoring-ns
+ namespace: knative-serving
+ labels:
+ serving.knative.dev/release: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: "openshift-monitoring"
+ podSelector: {}
+ policyTypes:
+ - Ingress
+---
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-200-clusterrole.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-200-clusterrole.yaml
new file mode 100644
index 0000000000..c5a7d8cade
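Review bot: The `kourier-gateway` container in the `3scale-kourier-gateway` Deployment sets `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, while the `controller` container earlier in the same file sets both to `true`; the gateway is the pod behind the `kourier` Service of `type: LoadBalancer`, so it is the more exposed of the two. None of its declared container ports is below 1024 and all capabilities are dropped, so root does not look required: consider `runAsNonRoot: true`, and, if Envoy only needs to create the `/tmp/envoy.admin` pipe, a writable `emptyDir` for that path so the root filesystem can be read-only (this needs testing against the image). Separately, the `net-kourier` ClusterRole grants cluster-wide `get`/`list`/`watch` on `secrets`; a comment above that rule stating why cluster scope is needed would help anyone auditing the role.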
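Review bot: The `allow-from-openshift-monitoring-ns` policy picks the source namespace by the label `name: "openshift-monitoring"` and, with what appears to be a spec-level `podSelector: {}` and no `ports`, admits it to every port of every pod in `knative-serving`. A `name` label is only a convention, and whether another namespace can carry it depends on who may label namespaces in the cluster; matching `kubernetes.io/metadata.name: openshift-monitoring` is the safer selector where the supported cluster versions set that label, and a `ports` list limited to the metrics ports would narrow the rule further. The three webhook policies above it have no `metadata.namespace`, unlike this one; if the namespace is filled in elsewhere, a comment saying so would avoid them being applied to the wrong namespace by hand.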
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-200-clusterrole.yaml
@@ -0,0 +1,29 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # These are the permissions needed by the Istio Ingress implementation.
+ name: knative-serving-istio
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ serving.knative.dev/controller: "true"
+ networking.knative.dev/ingress-provider: istio
+rules:
+ - apiGroups: ["networking.istio.io"]
+ resources: ["virtualservices", "gateways", "destinationrules"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-config-network.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-config-network.yaml
new file mode 100644
index 0000000000..405d34566f
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/1-config-network.yaml
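Review bot: `app.kubernetes.io/version: devel` on the `knative-serving-istio` ClusterRole does not match the `"1.4.0"` that the kourier manifests in this commit carry. The same `devel` value appears in `1-config-network.yaml` and `2-400-config-istio.yaml`, and `serving.knative.dev/release: devel` in `0-networkpolicy-mesh.yaml`. Anything that inventories or audits deployed objects by version label will not be able to attribute the net-istio objects to the 1.4 release; either set the label to the released version or add a comment that the midstream build leaves it as `devel` on purpose.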
@@ -0,0 +1,224 @@
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-network
+ namespace: knative-serving
+ labels:
+ networking.knative.dev/ingress-provider: kourier
+ app.kubernetes.io/component: kourier
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: devel
+ annotations:
+ knative.dev/example-checksum: "d0b91f80"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # ingress-class specifies the default ingress class
+ # to use when not dictated by Route annotation.
+ #
+ # If not specified, will use the Istio ingress.
+ #
+ # Note that changing the Ingress class of an existing Route
+ # will result in undefined behavior. Therefore it is best to only
+ # update this value during the setup of Knative, to avoid getting
+ # undefined behavior.
+ ingress-class: "istio.ingress.networking.knative.dev"
+
+ # certificate-class specifies the default Certificate class
+ # to use when not dictated by Route annotation.
+ #
+ # If not specified, will use the Cert-Manager Certificate.
+ #
+ # Note that changing the Certificate class of an existing Route
+ # will result in undefined behavior. Therefore it is best to only
+ # update this value during the setup of Knative, to avoid getting
+ # undefined behavior.
+ certificate-class: "cert-manager.certificate.networking.knative.dev"
+
+ # namespace-wildcard-cert-selector specifies a LabelSelector which
+ # determines which namespaces should have a wildcard certificate
+ # provisioned.
+ #
+ # Use an empty value to disable the feature (this is the default):
+ # namespace-wildcard-cert-selector: ""
+ #
+ # Use an empty object to enable for all namespaces
+ # namespace-wildcard-cert-selector: {}
+ #
+ # Useful labels include the "kubernetes.io/metadata.name" label to
+ # avoid provisioning a certifcate for the "kube-system" namespaces.
+ # Use the following selector to match pre-1.0 behavior of using
+ # "networking.knative.dev/disableWildcardCert" to exclude namespaces:
+ #
+ # matchExpressions:
+ # - key: "networking.knative.dev/disableWildcardCert"
+ # operator: "NotIn"
+ # values: ["true"]
+ namespace-wildcard-cert-selector: ""
+
+ # domain-template specifies the golang text template string to use
+ # when constructing the Knative service's DNS name. The default
+ # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}".
+ #
+ # Valid variables defined in the template include Name, Namespace, Domain,
+ # Labels, and Annotations. Name will be the result of the tagTemplate
+ # below, if a tag is specified for the route.
+ #
+ # Changing this value might be necessary when the extra levels in
+ # the domain name generated is problematic for wildcard certificates
+ # that only support a single level of domain name added to the
+ # certificate's domain. In those cases you might consider using a value
+ # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace
+ # entirely from the template. When choosing a new value be thoughtful
+ # of the potential for conflicts - for example, when users choose to use
+ # characters such as `-` in their service, or namespace, names.
+ # {{.Annotations}} or {{.Labels}} can be used for any customization in the
+ # go template if needed.
+ # We strongly recommend keeping namespace part of the template to avoid
+ # domain name clashes:
+ # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}'
+ # and you have an annotation {"sub":"foo"}, then the generated template
+ # would be {Name}-{Namespace}.foo.{Domain}
+ domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
+
+ # tagTemplate specifies the golang text template string to use
+ # when constructing the DNS name for "tags" within the traffic blocks
+ # of Routes and Configuration. This is used in conjunction with the
+ # domainTemplate above to determine the full URL for the tag.
+ tag-template: "{{.Tag}}-{{.Name}}"
+
+ # Controls whether TLS certificates are automatically provisioned and
+ # installed in the Knative ingress to terminate external TLS connection.
+ # 1. Enabled: enabling auto-TLS feature.
+ # 2. Disabled: disabling auto-TLS feature.
+ auto-tls: "Disabled"
+
+ # Controls the behavior of the HTTP endpoint for the Knative ingress.
+ # It requires autoTLS to be enabled.
+ # 1. Enabled: The Knative ingress will be able to serve HTTP connection.
+ # 2. Redirected: The Knative ingress will send a 301 redirect for all
+ # http connections, asking the clients to use HTTPS.
+ #
+ # "Disabled" option is deprecated.
+ http-protocol: "Enabled"
+
+ # rollout-duration contains the minimal duration in seconds over which the
+ # Configuration traffic targets are rolled out to the newest revision.
+ rollout-duration: "0"
+
+ # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should
+ # be automatically created (and deleted) as needed when DomainMappings are
+ # reconciled.
+ #
+ # If this is "false" (the default), the cluster administrator is
+ # responsible for creating ClusterDomainClaims and delegating them to
+ # namespaces via their spec.Namespace field. This setting should be used in
+ # multitenant environments which need to control which namespace can use a
+ # particular domain name in a domain mapping.
+ #
+ # If this is "true", users are able to associate arbitrary names with their
+ # services via the DomainMapping feature.
+ autocreate-cluster-domain-claims: "false"
+
+ # If true, networking plugins can add additional information to deployed
+ # applications to make their pods directly accessible via their IPs even if mesh is
+ # enabled and thus direct-addressability is usually not possible.
+ # Consumers like Knative Serving can use this setting to adjust their behavior
+ # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems.
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ enable-mesh-pod-addressability: "false"
+
+ # mesh-compatibility-mode indicates whether consumers of network plugins
+ # should directly contact Pod IPs (most efficient), or should use the
+ # Cluster IP (less efficient, needed when mesh is enabled unless
+ # `enable-mesh-pod-addressability`, above, is set).
+ # Permitted values are:
+ # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed.
+ # - "enabled": always use Cluster IP and do not attempt to use Pod IPs.
+ # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure.
+ mesh-compatibility-mode: "auto"
+
+ # Defines the scheme used for external URLs if autoTLS is not enabled.
+ # This can be used for making Knative report all URLs as "HTTPS" for example, if you're
+ # fronting Knative with an external loadbalancer that deals with TLS termination and
+ # Knative doesn't know about that otherwise.
+ default-external-scheme: "http"
+
+ # The CA public certificate used to sign the activator TLS certificate.
+ # It is specified by the secret name, which has the "ca.crt" data field.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ activator-ca: ""
+
+ # The SAN (Subject Alt Name) used to validate the activator TLS certificate.
+ # It must be set when "activator-ca" is specified.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ activator-san: ""
+
+ # The server certificates to serve the TLS traffic from ingress to activator.
+ # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ activator-cert-secret: ""
+
+ # The CA public certificate used to sign the queue-proxy TLS certificate.
+ # It is specified by the secret name, which has the "ca.crt" data field.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ queue-proxy-ca: ""
+
+ # The SAN (Subject Alt Name) used to validate the activator TLS certificate.
+ # It must be set when "queue-proxy-ca" is specified.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ queue-proxy-san: ""
+
+ # The server certificates to serve the TLS traffic from activator to queue-proxy.
+ # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field.
+ # Use an empty value to disable the feature (default).
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ queue-proxy-cert-secret: ""
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/2-400-config-istio.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/2-400-config-istio.yaml
new file mode 100644
index 0000000000..27f68fe944
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/2-400-config-istio.yaml
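Review bot: The `labels` map of the `config-network` ConfigMap defines `app.kubernetes.io/component` twice, first as `kourier` and then as `networking`. Duplicate mapping keys are not valid YAML: lenient loaders keep the last value and strict ones reject the document, so the result depends on the parser that reads this manifest. Drop one of the two lines, presumably keeping `app.kubernetes.io/component: networking`. In the `_example` text, the comment above `queue-proxy-san` says it validates "the activator TLS certificate", which looks copied from `activator-san`, and `certifcate` is misspelled in the `namespace-wildcard-cert-selector` comment.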
@@ -0,0 +1,77 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-istio + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: devel + networking.knative.dev/ingress-provider: istio +data: + # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. + + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # A gateway and Istio service to serve external traffic. + # The configuration format should be + # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. 
+ # The {{gateway_namespace}} is optional; when it is omitted, the system will search for + # the gateway in the serving system namespace `knative-serving` + gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + + # A cluster local gateway to allow pods outside of the mesh to access + # Services and Routes not exposing through an ingress. If the users + # do have a service mesh setup, this isn't required and can be removed. + # + # An example use case is when users want to use Istio without any + # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod + # is outside of the service mesh in that case, a cluster-local service + # will need to be exposed to a cluster-local gateway to be accessible. + # The configuration format should be `local-gateway.{{local_gateway_namespace}}. + # {{local_gateway_name}}: "{{cluster_local_gateway_name}}. + # {{cluster_local_gateway_namespace}}.svc.cluster.local"`. The + # {{local_gateway_namespace}} is optional; when it is omitted, the system + # will search for the local gateway in the serving system namespace + # `knative-serving` + local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" + + # DEPRECATED: local-gateway.mesh is deprecated. + # See: https://github.com/knative/serving/issues/11523 + # + # To use only Istio service mesh and no knative-local-gateway, replace + # all local-gateway.* entries by the following entry. + local-gateway.mesh: "mesh" + + # If true, knative will use the Istio VirtualService's status to determine + # endpoint readiness. Otherwise, probe as usual. + # NOTE: This feature is currently experimental and should not be used in production. + enable-virtualservice-status: "false" 
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/3-500-controller.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/3-500-controller.yaml
new file mode 100644
index 0000000000..f8ef8f7ce8
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/3-500-controller.yaml
@@ -0,0 +1,87 @@
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: net-istio-controller
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ selector:
+ matchLabels:
+ app: net-istio-controller
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ # This must be outside of the mesh to probe the gateways.
+ # NOTE: this is allowed here and not elsewhere because
+ # this is the Istio controller, and so it may be Istio-aware.
+ sidecar.istio.io/inject: "false"
+ labels:
+ app: net-istio-controller
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ spec:
+ serviceAccountName: controller
+ containers:
+ - name: controller
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: TO_BE_REPLACED
+
+ resources:
+ requests:
+ cpu: 30m
+ memory: 40Mi
+ limits:
+ cpu: 300m
+ memory: 400Mi
+
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/net-istio
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - all
+
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+
+# Unlike other controllers, this doesn't need a Service defined for metrics and
+# profiling because it opts out of the mesh (see annotation above).
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/4-500-webhook-deployment.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/4-500-webhook-deployment.yaml
new file mode 100644
index 0000000000..14fdace32a
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/4-500-webhook-deployment.yaml
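Review bot: The `drop` list under `securityContext.capabilities` of the net-istio-controller container spells the capability `all`; as far as I know the Pod Security Admission "restricted" check compares the entry against `ALL` exactly, so this pod would likely be reported as non-compliant in a namespace that enforces that profile, even if the container runtime accepts the lowercase form. I would write `- ALL` and, where the target clusters' admission policies allow it, add `seccompProfile: {type: RuntimeDefault}` to the same block. Since this file is copied from upstream, the change probably belongs in a hack/ patch like the two this commit already touches.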
@@ -0,0 +1,81 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: net-istio-webhook
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ selector:
+ matchLabels:
+ app: net-istio-webhook
+ role: net-istio-webhook
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app: net-istio-webhook
+ role: net-istio-webhook
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ spec:
+ serviceAccountName: controller
+ containers:
+ - name: webhook
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: TO_BE_REPLACED
+
+ resources:
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ limits:
+ cpu: 200m
+ memory: 200Mi
+
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/net-istio
+ - name: WEBHOOK_NAME
+ value: net-istio-webhook
+
+ securityContext:
+ allowPrivilegeEscalation: false
+
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: https-webhook
+ containerPort: 8443
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/5-500-webhook-secret.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/5-500-webhook-secret.yaml
new file mode 100644
index 0000000000..3689a6c5bf
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/5-500-webhook-secret.yaml
@@ -0,0 +1,24 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: net-istio-webhook-certs
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
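Review bot: The `securityContext` of the net-istio-webhook container in 4-500-webhook-deployment.yaml sets only `allowPrivilegeEscalation: false`, while the net-istio-controller Deployment added in this same commit also sets `readOnlyRootFilesystem`, `runAsNonRoot` and a capabilities drop. The webhook serves admission requests on 8443 and runs under the same `controller` service account, so it should get at least the same hardening; the block below is what I would use, assuming the webhook binary writes nothing to its root filesystem (to be confirmed). A dedicated, narrower service account for the webhook would be a further step, but the RBAC bound to `controller` is not visible in this hunk.

```yaml
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
```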
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/6-500-webhook-service.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/6-500-webhook-service.yaml
new file mode 100644
index 0000000000..5dc58549a1
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/6-500-webhook-service.yaml
@@ -0,0 +1,39 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: net-istio-webhook
+ namespace: knative-serving
+ labels:
+ role: net-istio-webhook
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ app: net-istio-webhook
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/7-600-mutating-webhook.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/7-600-mutating-webhook.yaml
new file mode 100644
index 0000000000..498dd97782
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/7-600-mutating-webhook.yaml
@@ -0,0 +1,37 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: webhook.istio.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: net-istio-webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ objectSelector:
+ matchExpressions:
+ - {key: "serving.knative.dev/configuration", operator: Exists}
+ name: webhook.istio.networking.internal.knative.dev
diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/8-600-validating-webhook.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/8-600-validating-webhook.yaml
new file mode 100644
index 0000000000..aa7d18b25d
--- /dev/null
+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/8-600-validating-webhook.yaml
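Review bot: Neither this MutatingWebhookConfiguration nor the ValidatingWebhookConfiguration in 8-600-validating-webhook.yaml carries `rules` or a `clientConfig.caBundle`, so the resources and operations that `failurePolicy: Fail` will gate cannot be reviewed from the manifest. Presumably the net-istio-webhook process fills both in at runtime; a comment above `webhooks:` saying so would help, e.g. `# rules and caBundle are reconciled at runtime by net-istio-webhook`. Because both webhooks fail closed and the Deployment in 4-500-webhook-deployment.yaml sets no `replicas`, an outage of that one pod blocks admission of every object the selectors match, which is worth covering with an alert on admission webhook call failures.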
@@ -0,0 +1,38 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: config.webhook.istio.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/component: net-istio
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: devel
+ networking.knative.dev/ingress-provider: istio
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: net-istio-webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ name: config.webhook.istio.networking.internal.knative.dev
+ objectSelector:
+ matchLabels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: net-istio
diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/1-serving-crds.yaml
similarity index 98%
rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml
rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/1-serving-crds.yaml
index ac3082a7f1..24ae8a0426 100644
--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/1-serving-crds.yaml
+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/1-serving-crds.yaml
@@ -18,8 +18,8 @@ metadata: name: certificates.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -78,8 +78,7 @@ metadata: name: configurations.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -277,7 +276,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -332,7 +331,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -376,7 +375,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -431,7 +430,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: 
@@ -469,7 +468,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: @@ -480,10 +479,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -782,8 +781,8 @@ metadata: name: clusterdomainclaims.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -833,8 +832,7 @@ metadata: name: domainmappings.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -1104,8 +1102,8 @@ metadata: name: ingresses.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1165,8 +1163,7 @@ metadata: name: metrics.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1289,8 +1286,7 @@ metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1450,8 +1446,7 @@ metadata: name: revisions.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -1628,7 +1623,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: 
@@ -1683,7 +1678,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -1727,7 +1722,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -1782,7 +1777,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -1820,7 +1815,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: 
@@ -1831,10 +1826,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -2162,8 +2157,7 @@ metadata: name: routes.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2337,8 +2331,8 @@ metadata: name: serverlessservices.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -2409,8 +2403,7 @@ metadata: name: services.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" @@ -2612,7 +2605,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -2667,7 +2660,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -2711,7 +2704,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -2766,7 +2759,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -2804,7 +2797,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: 
@@ -2815,10 +2808,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -3178,7 +3171,7 @@ metadata: name: images.caching.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev @@ -3189,8 +3182,6 @@ spec: categories: - knative-internal - caching - shortNames: - - img scope: Namespaced versions: - name: v1alpha1 diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/2-serving-core.yaml similarity index 97% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/2-serving-core.yaml index 6053e56c0b..f2317d932e 100644 
--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/2-serving-core.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/2-serving-core.yaml @@ -21,8 +21,7 @@ metadata: # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving aggregationRule: clusterRoleSelectors: @@ -34,8 +33,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" @@ -74,8 +72,7 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] @@ -91,8 +88,7 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] 
@@ -108,8 +104,7 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] @@ -137,8 +132,7 @@ metadata: name: knative-serving-core labels: serving.knative.dev/controller: "true" - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -192,8 +186,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" @@ -232,8 +225,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -241,8 +233,7 @@ metadata: name: knative-serving-admin labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -255,8 +246,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" subjects: - kind: ServiceAccount name: controller 
@@ -273,8 +263,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" subjects: - kind: ServiceAccount name: controller @@ -305,7 +294,7 @@ metadata: name: images.caching.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev @@ -316,8 +305,6 @@ spec: categories: - knative-internal - caching - shortNames: - - img scope: Namespaced versions: - name: v1alpha1 @@ -359,8 +346,8 @@ metadata: name: certificates.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -419,8 +406,7 @@ metadata: name: configurations.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -618,7 +604,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -673,7 +659,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: 
@@ -717,7 +703,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -772,7 +758,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -810,7 +796,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: 
@@ -821,10 +807,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -1123,8 +1109,8 @@ metadata: name: clusterdomainclaims.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1174,8 +1160,7 @@ metadata: name: domainmappings.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev 
@@ -1445,8 +1430,8 @@ metadata: name: ingresses.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1506,8 +1491,7 @@ metadata: name: metrics.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1630,8 +1614,7 @@ metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1791,8 +1774,7 @@ metadata: name: revisions.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -1969,7 +1951,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -2024,7 +2006,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: 
@@ -2068,7 +2050,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -2123,7 +2105,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -2161,7 +2143,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: 
@@ -2172,10 +2154,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -2503,8 +2485,7 @@ metadata: name: routes.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2678,8 +2659,8 @@ metadata: name: serverlessservices.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -2750,8 +2731,7 @@ metadata: name: services.serving.knative.dev labels: app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" @@ -2953,7 +2933,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -3008,7 +2988,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -3052,7 +3032,7 @@ spec: type: object properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: Exec specifies the action to take. type: object properties: command: @@ -3107,7 +3087,7 @@ spec: type: integer format: int32 tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving a TCP port. type: object properties: host: @@ -3145,7 +3125,7 @@ spec: type: object properties: capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. type: object properties: drop: 
@@ -3156,10 +3136,10 @@ spec: type: string x-kubernetes-preserve-unknown-fields: true readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. type: integer format: int64 x-kubernetes-preserve-unknown-fields: true @@ -3521,8 +3501,7 @@ metadata: labels: app.kubernetes.io/component: queue-proxy app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. @@ -3551,10 +3530,9 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "16af78ce" + knative.dev/example-checksum: "47c2487f" data: _example: | ################################ 
@@ -3629,7 +3607,7 @@ data: # -1 denotes unlimited target-burst-capacity and activator will always # be in the request path. # Other negative values are invalid. - target-burst-capacity: "200" + target-burst-capacity: "211" # When operating in a stable mode, the autoscaler operates on the # average concurrency over the stable window. @@ -3763,8 +3741,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "a0feb4c6" data: @@ -3907,8 +3884,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "dd7ee769" data: @@ -4011,8 +3987,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "81552d0b" data: @@ -4077,10 +4052,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "d9e300ba" + knative.dev/example-checksum: "e1c6e542" data: _example: |- ################################ 
@@ -4110,6 +4084,12 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity kubernetes.podspec-affinity: "disabled" + # Indicates whether Kubernetes topologySpreadConstraints support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints + kubernetes.podspec-topologyspreadconstraints: "disabled" + # Indicates whether Kubernetes hostAliases support is enabled # # WARNING: Cannot safely be disabled once enabled. @@ -4240,8 +4220,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "45463e45" data: @@ -4342,8 +4321,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: controller - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "f4b71f57" data: @@ -4403,8 +4381,7 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/component: logging app.kubernetes.io/name: knative-serving annotations: @@ -4486,10 +4463,9 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "ddc3250f" + knative.dev/example-checksum: "d0b91f80" data: _example: | ################################ 
@@ -4649,13 +4625,45 @@ data: activator-ca: "" # The SAN (Subject Alt Name) used to validate the activator TLS certificate. - # It is available only when "activator-ca" is specified. + # It must be set when "activator-ca" is specified. # Use an empty value to disable the feature (default). # # NOTE: This flag is in an alpha state and is mostly here to enable internal testing # for now. Use with caution. activator-san: "" + # The server certificates to serve the TLS traffic from ingress to activator. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-cert-secret: "" + + # The CA public certificate used to sign the queue-proxy TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It must be set when "queue-proxy-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-san: "" + + # The server certificates to serve the TLS traffic from activator to queue-proxy. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-cert-secret: "" + --- # Copyright 2018 The Knative Authors # 
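Review bot: The comment added above `queue-proxy-san` in the `@@ -4649,13 +4625,45 @@` hunk says the SAN is used to validate the activator TLS certificate, which is the wording of the existing `activator-san` entry. Since the next line says it must be set when `queue-proxy-ca` is specified, it presumably describes the queue-proxy certificate. I would change it to `# The SAN (Subject Alt Name) used to validate the queue-proxy TLS certificate.` so that an operator enabling this alpha feature pins the identity of the right peer. The text sits inside `_example`, which appears to be covered by the `knative.dev/example-checksum` annotation updated in this patch, so the fix is better made upstream and re-synced than edited here by hand.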
@@ -4679,8 +4687,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: observability - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "fed4756e" data: @@ -4789,8 +4796,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: tracing - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" annotations: knative.dev/example-checksum: "26614636" data: @@ -4847,8 +4853,7 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: minReplicas: 1 maxReplicas: 20 @@ -4868,7 +4873,7 @@ spec: # Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. # Given the subsetting and that the activators are partially stateful systems, we want # a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: activator-pdb @@ -4876,8 +4881,7 @@ metadata: labels: app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: minAvailable: 1 selector: @@ -4906,9 +4910,8 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving - serving.knative.dev/release: "v1.3.0" spec: selector: matchLabels: 
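Review bot: The `activator-pdb` PodDisruptionBudget in the `@@ -4868,7 +4873,7 @@` hunk moves from `policy/v1beta1` to `policy/v1`, which is only served by Kubernetes 1.21 and later, and nothing visible in this patch states the minimum cluster version the 1.4.0 manifests now need. The same switch is made for `webhook-pdb` in the `@@ -5568,7 +5560,7 @@` hunk. On an older cluster both objects would be rejected, and the activator and webhook would lose their eviction protection during node drains. Please confirm the operator's declared minimum version matches (the `project.yaml` change is outside this view), or record it next to the object with a comment such as `# policy/v1 PodDisruptionBudget requires Kubernetes >= 1.21`.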
@@ -4923,8 +4926,7 @@ spec: role: activator app.kubernetes.io/component: activator app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller containers: @@ -5014,9 +5016,8 @@ metadata: labels: app: activator app.kubernetes.io/component: activator - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving - serving.knative.dev/release: "v1.3.0" spec: selector: app: activator @@ -5034,6 +5035,9 @@ spec: - name: http2 port: 81 targetPort: 8013 + - name: https + port: 443 + targetPort: 8112 type: ClusterIP --- @@ -5059,8 +5063,7 @@ metadata: labels: app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: replicas: 1 selector: @@ -5078,8 +5081,7 @@ spec: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5159,8 +5161,7 @@ metadata: app: autoscaler app.kubernetes.io/component: autoscaler app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" name: autoscaler namespace: knative-serving spec: @@ -5201,8 +5202,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: selector: matchLabels: 
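Review bot: The `https` port added to the activator Service in the `@@ -5034,6 +5035,9 @@` hunk (`port: 443`, `targetPort: 8112`) is published unconditionally, while the `activator-cert-secret` text added to config-network in this same patch describes ingress-to-activator TLS as an alpha feature that is disabled when the value is empty. No hunk visible here touches the activator container ports, so it is worth confirming what, if anything, answers on 8112 by default. It is also worth checking that the NetworkPolicy carried by `007-networkpolicy-mesh.patch` treats the new port as intended, since its rules are not shown. If the listener really is tied to that setting, a comment above the port such as `# Only used when activator-cert-secret is set in config-network (alpha).` would make the dependency explicit for whoever audits exposed ports later.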
@@ -5215,8 +5215,7 @@ spec: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5277,8 +5276,7 @@ metadata: app: controller app.kubernetes.io/component: controller app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" name: controller namespace: knative-serving spec: @@ -5316,8 +5314,7 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: selector: matchLabels: @@ -5330,8 +5327,7 @@ spec: app: domain-mapping app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5404,8 +5400,7 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: selector: matchLabels: @@ -5420,8 +5415,7 @@ spec: role: domainmapping-webhook app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: 
@@ -5507,8 +5501,7 @@ metadata: role: domainmapping-webhook app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" name: domainmapping-webhook namespace: knative-serving spec: @@ -5549,8 +5542,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: minReplicas: 1 maxReplicas: 5 @@ -5568,7 +5560,7 @@ spec: averageUtilization: 100 --- # Webhook PDB. -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: webhook-pdb @@ -5576,8 +5568,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: minAvailable: 1 selector: @@ -5605,9 +5596,8 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v1.3.0" app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving spec: selector: @@ -5621,9 +5611,7 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v1.3.0" - app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -5710,9 +5698,8 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v1.3.0" app.kubernetes.io/component: webhook - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving name: webhook namespace: knative-serving 
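Review bot: The webhook pod template in the `@@ -5621,9 +5611,7 @@` hunk loses `app.kubernetes.io/component: webhook` together with the release label. The webhook Deployment metadata (`@@ -5605,9 +5596,8 @@`) and Service (`@@ -5710,9 +5698,8 @@`) keep it, and so do the other pod templates visible in this patch. Any NetworkPolicy, PodDisruptionBudget or monitor that selects webhook pods by that label would stop matching them without an error. The selectors themselves lie outside the hunk, so this cannot be confirmed from here. If the removal is not intentional, keep `app.kubernetes.io/component: webhook` in the template labels.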
@@ -5753,8 +5740,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5796,8 +5782,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5852,8 +5837,7 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5900,8 +5884,7 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" # The data is populated at install time. --- @@ -5926,8 +5909,7 @@ metadata: labels: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5974,8 +5956,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: 
@@ -6032,8 +6013,7 @@ metadata: labels: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" # The data is populated at install time. --- diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/3-serving-hpa.yaml similarity index 92% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/3-serving-hpa.yaml index 7c47f91fbe..17528d6cb4 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/3-serving-hpa.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/3-serving-hpa.yaml @@ -21,8 +21,7 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: selector: matchLabels: @@ -35,8 +34,7 @@ spec: app: autoscaler-hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -94,8 +92,7 @@ metadata: autoscaling.knative.dev/autoscaler-provider: hpa app.kubernetes.io/component: autoscaler-hpa app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" name: autoscaler-hpa namespace: knative-serving spec: 
diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/4-serving-post-install-jobs.yaml similarity index 91% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/4-serving-post-install-jobs.yaml index abd0639d2e..2c0f2f3898 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.3.0/4-serving-post-install-jobs.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/1.4.0/4-serving-post-install-jobs.yaml @@ -1,6 +1,6 @@ --- -# /tmp/tmp.q9YaFgoyCI/serving-storage-version-migration.yaml +# /tmp/tmp.6gY9AuLX8o/serving-storage-version-migration.yaml # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,8 +24,7 @@ metadata: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.3.0" - serving.knative.dev/release: "v1.3.0" + app.kubernetes.io/version: "1.4.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -37,7 +36,7 @@ spec: app: storage-version-migration-serving app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller restartPolicy: OnFailure diff --git a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch index 541d431e89..71b613baff 100644 --- a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch +++ b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch 
@@ -1,8 +1,8 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml +diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml new file mode 100644 index 00000000..3d46fbed --- /dev/null -+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-networkpolicy-mesh.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-networkpolicy-mesh.yaml @@ -0,0 +1,63 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy diff --git a/openshift-knative-operator/hack/008-kourier-rollout.patch b/openshift-knative-operator/hack/008-kourier-rollout.patch index 9ab7536ca2..2829e34b4c 100644 --- a/openshift-knative-operator/hack/008-kourier-rollout.patch +++ b/openshift-knative-operator/hack/008-kourier-rollout.patch @@ -1,10 +1,10 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml -index 7eb03ed2..019d4d18 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.3/0-kourier.yaml -@@ -260,6 +260,11 @@ metadata: +diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml +index bed67fc8..6363adea 100644 +--- a/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/ingress/1.4/0-kourier.yaml +@@ -289,6 +289,11 @@ metadata: + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving - serving.knative.dev/release: "v1.3.0" spec: + strategy: + type: RollingUpdate 
@@ -14,7 +14,7 @@ index 7eb03ed2..019d4d18 100644 replicas: 1 selector: matchLabels: -@@ -348,7 +353,7 @@ spec: +@@ -381,7 +386,7 @@ spec: type: RollingUpdate rollingUpdate: maxUnavailable: 0 From 0f86e3fcdf2c6aaafad4c96597239a465de697b7 Mon Sep 17 00:00:00 2001 From: Stavros Kontopoulos Date: Fri, 22 Jul 2022 18:24:36 +0300 Subject: [PATCH 2/3] bump images to 1.4.0 --- ...erless-operator.clusterserviceversion.yaml | 84 +++++++++---------- openshift/ci-operator/source-image/Dockerfile | 2 +- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml index cbccf74818..a7c4ace448 100644 --- a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml +++ b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml 
@@ -429,33 +429,33 @@ spec:
 - name: SERVICE_MONITOR_RBAC_MANIFEST_PATH
 value: "/var/run/ko/monitoring/rbac-proxy.yaml"
 - name: "IMAGE_queue-proxy"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-queue"
 - name: "IMAGE_activator"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-activator"
 - name: "IMAGE_autoscaler"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler"
 - name: "IMAGE_autoscaler-hpa"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler-hpa"
 - name: "IMAGE_controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-controller"
 - name: "IMAGE_webhook__webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-webhook"
 - name: "IMAGE_domain-mapping"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping"
 - name: "IMAGE_domainmapping-webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook"
- - name: "IMAGE_storage-version-migration-serving-serving-1.3.0__migrate"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping-webhook"
+ - name: "IMAGE_storage-version-migration-serving-serving-1.4.0__migrate"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-storage-version-migration"
 - name: "IMAGE_kourier-gateway"
 value: "quay.io/maistra/proxyv2-ubi8:2.1.0"
 - name: "IMAGE_kourier-control"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-kourier-controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-istio-controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-controller"
 - name: "IMAGE_net-istio-webhook__webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-webhook"
 - name: "IMAGE_eventing-controller__eventing-controller"
 value: "registry.ci.openshift.org/openshift/knative-v1.3.2:knative-eventing-controller"
 - name: "IMAGE_sugar-controller__controller"
@@ -574,33 +574,33 @@ spec:
 - name: SOURCES_GENERATE_SERVICE_MONITORS
 value: "true"
 - name: "IMAGE_queue-proxy"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-queue"
 - name: "IMAGE_activator"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-activator"
 - name: "IMAGE_autoscaler"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler"
 - name: "IMAGE_autoscaler-hpa"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler-hpa"
 - name: "IMAGE_controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-controller"
 - name: "IMAGE_webhook__webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-webhook"
 - name: "IMAGE_domain-mapping"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping"
 - name: "IMAGE_domainmapping-webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook"
- - name: "IMAGE_storage-version-migration-serving-serving-1.3.0__migrate"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping-webhook"
+ - name: "IMAGE_storage-version-migration-serving-serving-1.4.0__migrate"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-storage-version-migration"
 - name: "IMAGE_kourier-gateway"
 value: "quay.io/maistra/proxyv2-ubi8:2.1.0"
 - name: "IMAGE_kourier-control"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-kourier-controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-istio-controller__controller"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-controller"
 - name: "IMAGE_net-istio-webhook__webhook"
- value: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook"
+ value: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-webhook"
 - name: "IMAGE_eventing-controller__eventing-controller"
 value: "registry.ci.openshift.org/openshift/knative-v1.3.2:knative-eventing-controller"
 - name: "IMAGE_sugar-controller__controller"
@@ -813,33 +813,33 @@ spec:
 # This reference will be replaced in local builds and CI via hack/lib/catalogsource.bash.
 image: registry.ci.openshift.org/knative/openshift-serverless-nightly:knative-openshift-ingress
 - name: "IMAGE_queue-proxy"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-queue"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-queue"
 - name: "IMAGE_activator"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-activator"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-activator"
 - name: "IMAGE_autoscaler"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler"
 - name: "IMAGE_autoscaler-hpa"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-autoscaler-hpa"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-autoscaler-hpa"
 - name: "IMAGE_controller__controller"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-controller"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-controller"
 - name: "IMAGE_webhook__webhook"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-webhook"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-webhook"
 - name: "IMAGE_domain-mapping"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping"
 - name: "IMAGE_domainmapping-webhook"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-domain-mapping-webhook"
- - name: "IMAGE_storage-version-migration-serving-serving-1.3.0__migrate"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-storage-version-migration"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-domain-mapping-webhook"
+ - name: "IMAGE_storage-version-migration-serving-serving-1.4.0__migrate"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-storage-version-migration"
 - name: "IMAGE_kourier-gateway"
 image: "quay.io/maistra/proxyv2-ubi8:2.1.0"
 - name: "IMAGE_kourier-control"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-kourier-controller__controller"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:kourier"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:kourier"
 - name: "IMAGE_net-istio-controller__controller"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-controller"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-controller"
 - name: "IMAGE_net-istio-webhook__webhook"
- image: "registry.ci.openshift.org/openshift/knative-v1.3.0:net-istio-webhook"
+ image: "registry.ci.openshift.org/openshift/knative-v1.4.0:net-istio-webhook"
 - name: "IMAGE_eventing-controller__eventing-controller"
 image: "registry.ci.openshift.org/openshift/knative-v1.3.2:knative-eventing-controller"
 - name: "IMAGE_sugar-controller__controller"
diff --git a/openshift/ci-operator/source-image/Dockerfile b/openshift/ci-operator/source-image/Dockerfile
index 2ad17a6e1c..3aad2febd0 100644
--- a/openshift/ci-operator/source-image/Dockerfile
+++ b/openshift/ci-operator/source-image/Dockerfile
@@ -1,7 +1,7 @@
 FROM src
 COPY oc /usr/bin/oc
-COPY --from=registry.ci.openshift.org/openshift/knative-v1.3.0:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/
+COPY --from=registry.ci.openshift.org/openshift/knative-v1.4.0:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.3.2:knative-eventing-src /go/src/knative.dev/eventing/ /go/src/knative.dev/eventing/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.1.0:knative-eventing-kafka-src /go/src/knative.dev/eventing-kafka/ /go/src/knative.dev/eventing-kafka/
 COPY --from=registry.ci.openshift.org/openshift/knative-v1.3.2:knative-eventing-kafka-broker-src /go/src/knative.dev/eventing-kafka-broker/ /go/src/knative.dev/eventing-kafka-broker/
From 81e8cfd55e8a950af5c73a98311c0e204f3f79ee Mon Sep 17 00:00:00 2001
From: Stavros Kontopoulos
Date: Sun, 24 Jul 2022 21:07:37 +0300
Subject: [PATCH 3/3] apply resource quota
---
 test/serving.bash | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/test/serving.bash b/test/serving.bash
index 53c00c530b..27065d709d 100644
--- a/test/serving.bash
+++ b/test/serving.bash
@@ -73,6 +73,9 @@ function upstream_knative_serving_e2e_and_conformance_tests {
 # Create a persistent volume claim for the respective tests
 oc apply -f ./test/config/pvc/pvc.yaml
+ # Apply resource quota in rq-test namespace, needed for the related e2e test.
+ oc apply -f ./test/config/resource-quota/resource-quota.yaml
+
 image_template="registry.ci.openshift.org/openshift/knative-${KNATIVE_SERVING_VERSION}:knative-serving-test-{{.Name}}"
 subdomain=$(oc get ingresses.config.openshift.io cluster -o jsonpath="{.spec.domain}")
 OPENSHIFT_TEST_OPTIONS="--kubeconfig $KUBECONFIG --enable-beta --enable-alpha --resolvabledomain --customdomain=$subdomain --https"
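Review bot: The added `oc apply -f ./test/config/resource-quota/resource-quota.yaml` in test/serving.bash depends on a manifest that this patch does not add (its diffstat lists only test/serving.bash), so the file has to exist already relative to whatever working directory the function is in at that point. The body of upstream_knative_serving_e2e_and_conformance_tests starts and ends outside the hunk, so neither the working directory nor the shell options can be checked here. If the script does not run with errexit, a missing file or a missing rq-test namespace would go unnoticed at this line and only show up later as a failing e2e test. Consider making the failure explicit with `oc apply -f ./test/config/resource-quota/resource-quota.yaml || return $?`, and naming the e2e test that needs the quota in the comment above it.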