From d7b7104fe2192e0f62f236dac37abe64c8582a1d Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Mon, 7 Jun 2021 23:11:49 +0900 Subject: [PATCH 1/6] Add root ca for Controller HA test with https (#11471) This patch adds `test.AddRootCAtoTransport` for prober in TestControllerHA. --- test/ha/controller_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ha/controller_test.go b/test/ha/controller_test.go index c5f38d4b49e5..e75e68bbeb10 100644 --- a/test/ha/controller_test.go +++ b/test/ha/controller_test.go @@ -54,7 +54,7 @@ func TestControllerHA(t *testing.T) { service1Names, resources := createPizzaPlanetService(t) test.EnsureTearDown(t, clients, &service1Names) - prober := test.RunRouteProber(t.Logf, clients, resources.Service.Status.URL.URL()) + prober := test.RunRouteProber(t.Logf, clients, resources.Service.Status.URL.URL(), test.AddRootCAtoTransport(context.Background(), t.Logf, clients, test.ServingFlags.HTTPS)) defer test.AssertProberDefault(t, prober) for _, leader := range leaders.List() { From d2be74aa29cc1b338ed29972668eff14799d21a3 Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Thu, 1 Jul 2021 13:14:26 +0900 Subject: [PATCH 2/6] stick serverless-operator branch --- openshift/e2e-common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift/e2e-common.sh b/openshift/e2e-common.sh index 4348ee044642..fece69860533 100644 --- a/openshift/e2e-common.sh +++ b/openshift/e2e-common.sh @@ -179,7 +179,7 @@ function install_catalogsource(){ # And checkout the setup script based on that commit. local SERVERLESS_DIR=$(mktemp -d) local CURRENT_DIR=$(pwd) - git clone --depth 1 https://github.com/openshift-knative/serverless-operator.git ${SERVERLESS_DIR} + git clone --depth 1 -b release-1.16 https://github.com/openshift-knative/serverless-operator.git ${SERVERLESS_DIR} pushd ${SERVERLESS_DIR} update_csv $CURRENT_DIR || return $? From c47ca4f40e948fab789312c9f4218abc36594da9 Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Thu, 1 Jul 2021 15:51:24 +0900 Subject: [PATCH 3/6] Revert "stick serverless-operator branch" This reverts commit d2be74aa29cc1b338ed29972668eff14799d21a3. --- openshift/e2e-common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift/e2e-common.sh b/openshift/e2e-common.sh index fece69860533..4348ee044642 100644 --- a/openshift/e2e-common.sh +++ b/openshift/e2e-common.sh @@ -179,7 +179,7 @@ function install_catalogsource(){ # And checkout the setup script based on that commit. local SERVERLESS_DIR=$(mktemp -d) local CURRENT_DIR=$(pwd) - git clone --depth 1 -b release-1.16 https://github.com/openshift-knative/serverless-operator.git ${SERVERLESS_DIR} + git clone --depth 1 https://github.com/openshift-knative/serverless-operator.git ${SERVERLESS_DIR} pushd ${SERVERLESS_DIR} update_csv $CURRENT_DIR || return $? From a48cbb5bcacbea8a3cdbc55bfec4338904ac9d1c Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Wed, 30 Jun 2021 15:43:44 +0900 Subject: [PATCH 4/6] Add v0.23 label to manifests (#833) * Remove config/domainmapping * Add 0.23 label --- openshift/release/generate-release.sh | 2 +- openshift/release/resolve.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openshift/release/generate-release.sh b/openshift/release/generate-release.sh index 9403652523a8..e453e1ca551d 100755 --- a/openshift/release/generate-release.sh +++ b/openshift/release/generate-release.sh @@ -5,4 +5,4 @@ source $(dirname $0)/resolve.sh release=$1 output_file="openshift/release/knative-serving-${release}.yaml" -resolve_resources "config/core/ config/hpa-autoscaling/ config/domain-mapping/" "$output_file" +resolve_resources "config/core/ config/hpa-autoscaling/" "$output_file" diff --git a/openshift/release/resolve.sh b/openshift/release/resolve.sh index dba8e128420d..07fa40dccb55 100755 --- a/openshift/release/resolve.sh +++ b/openshift/release/resolve.sh @@ -26,6 +26,6 @@ function resolve_file() { # 1. Rewrite image references # 2. Update config map entry # 3. Replace serving.knative.dev/release label. - sed -e "s+serving.knative.dev/release: devel+serving.knative.dev/release: \"v0.22.0\"+" \ + sed -e "s+serving.knative.dev/release: devel+serving.knative.dev/release: \"v0.23.0\"+" \ "$file" >> "$to" } From b632601b6331f3aa6304d6dba66d62287e20e188 Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Thu, 1 Jul 2021 15:56:32 +0900 Subject: [PATCH 5/6] Update label --- openshift/release/knative-serving-ci.yaml | 552 ++---------------- .../release/knative-serving-v0.23.1.yaml | 552 ++---------------- 2 files changed, 112 insertions(+), 992 deletions(-) diff --git a/openshift/release/knative-serving-ci.yaml b/openshift/release/knative-serving-ci.yaml index 9f6bb8cce752..e27ae245fd1a 100644 --- a/openshift/release/knative-serving-ci.yaml +++ b/openshift/release/knative-serving-ci.yaml @@ -18,7 +18,7 @@ kind: Namespace metadata: name: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" --- # Copyright 2019 The Knative Authors # @@ -42,7 +42,7 @@ metadata: # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -54,7 +54,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" @@ -92,7 +92,7 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -107,7 +107,7 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -122,7 +122,7 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] @@ -147,7 +147,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" serving.knative.dev/controller: "true" rules: - apiGroups: [""] @@ -197,7 +197,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" @@ -233,14 +233,14 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -252,7 +252,7 @@ kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" subjects: - kind: ServiceAccount name: controller @@ -267,7 +267,7 @@ kind: ClusterRoleBinding metadata: name: knative-serving-controller-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" subjects: - kind: ServiceAccount name: controller @@ -347,7 +347,7 @@ kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -404,7 +404,7 @@ kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -1092,7 +1092,7 @@ kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1150,7 +1150,7 @@ kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1271,7 +1271,7 @@ kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1429,7 +1429,7 @@ kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -2120,7 +2120,7 @@ kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2292,7 +2292,7 @@ kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -2361,7 +2361,7 @@ kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" @@ -3115,7 +3115,7 @@ metadata: name: queue-proxy namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. @@ -3141,7 +3141,7 @@ metadata: name: config-autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "604cb513" data: @@ -3345,7 +3345,7 @@ metadata: name: config-defaults namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "cdabec96" data: @@ -3478,7 +3478,7 @@ metadata: name: config-deployment namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "fa67b403" data: @@ -3558,7 +3558,7 @@ metadata: name: config-domain namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "81552d0b" data: @@ -3620,7 +3620,7 @@ metadata: name: config-features namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "1bbf8144" data: @@ -3748,7 +3748,7 @@ metadata: name: config-gc namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "e6149382" data: @@ -3845,7 +3845,7 @@ metadata: name: config-leader-election namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "96896b00" data: @@ -3904,7 +3904,7 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "d9570453" data: @@ -3981,7 +3981,7 @@ metadata: name: config-network namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "15954d34" data: @@ -4113,7 +4113,7 @@ metadata: name: config-observability namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "97c1d10b" data: @@ -4232,7 +4232,7 @@ metadata: name: config-tracing namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "4002b4c2" data: @@ -4291,7 +4291,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minReplicas: 1 maxReplicas: 20 @@ -4317,7 +4317,7 @@ metadata: name: activator-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minAvailable: 80% selector: @@ -4344,7 +4344,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4357,7 +4357,7 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: serviceAccountName: controller containers: @@ -4451,7 +4451,7 @@ metadata: namespace: knative-serving labels: app: activator - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: app: activator @@ -4491,7 +4491,7 @@ metadata: name: autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: replicas: 1 selector: @@ -4503,7 +4503,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4588,7 +4588,7 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: autoscaler namespace: knative-serving spec: @@ -4626,7 +4626,7 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4637,7 +4637,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4703,7 +4703,7 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: controller namespace: knative-serving spec: @@ -4738,7 +4738,7 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minReplicas: 1 maxReplicas: 5 @@ -4762,7 +4762,7 @@ metadata: name: webhook-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minAvailable: 80% selector: @@ -4789,7 +4789,7 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4802,7 +4802,7 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4891,7 +4891,7 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: webhook namespace: knative-serving spec: @@ -4928,7 +4928,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -4963,7 +4963,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5015,7 +5015,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5069,449 +5069,9 @@ metadata: name: webhook-certs namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # The data is populated at install time. --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: domain-mapping - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: ko://knative.dev/serving/cmd/domain-mapping - - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: -- admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -# The data is populated at install time. ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: -- admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: domainmapping-webhook - role: domainmapping-webhook - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: ko://knative.dev/serving/cmd/domain-mapping-webhook - - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - <<: *probe - failureThreshold: 6 - initialDelaySeconds: 20 - - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - serving.knative.dev/release: "v0.22.0" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: domainmapping-webhook ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5532,7 +5092,7 @@ metadata: name: autoscaler-hpa namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" autoscaling.knative.dev/autoscaler-provider: hpa spec: selector: @@ -5544,7 +5104,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5606,7 +5166,7 @@ kind: Service metadata: labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" autoscaling.knative.dev/autoscaler-provider: hpa name: autoscaler-hpa namespace: knative-serving diff --git a/openshift/release/knative-serving-v0.23.1.yaml b/openshift/release/knative-serving-v0.23.1.yaml index 9f6bb8cce752..e27ae245fd1a 100644 --- a/openshift/release/knative-serving-v0.23.1.yaml +++ b/openshift/release/knative-serving-v0.23.1.yaml @@ -18,7 +18,7 @@ kind: Namespace metadata: name: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" --- # Copyright 2019 The Knative Authors # @@ -42,7 +42,7 @@ metadata: # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -54,7 +54,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" @@ -92,7 +92,7 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -107,7 +107,7 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -122,7 +122,7 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] @@ -147,7 +147,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" serving.knative.dev/controller: "true" rules: - apiGroups: [""] @@ -197,7 +197,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" @@ -233,14 +233,14 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -252,7 +252,7 @@ kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" subjects: - kind: ServiceAccount name: controller @@ -267,7 +267,7 @@ kind: ClusterRoleBinding metadata: name: knative-serving-controller-addressable-resolver labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" subjects: - kind: ServiceAccount name: controller @@ -347,7 +347,7 @@ kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -404,7 +404,7 @@ kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: @@ -1092,7 +1092,7 @@ kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -1150,7 +1150,7 @@ kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1271,7 +1271,7 @@ kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -1429,7 +1429,7 @@ kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev @@ -2120,7 +2120,7 @@ kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: @@ -2292,7 +2292,7 @@ kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -2361,7 +2361,7 @@ kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" @@ -3115,7 +3115,7 @@ metadata: name: queue-proxy namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. @@ -3141,7 +3141,7 @@ metadata: name: config-autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "604cb513" data: @@ -3345,7 +3345,7 @@ metadata: name: config-defaults namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "cdabec96" data: @@ -3478,7 +3478,7 @@ metadata: name: config-deployment namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "fa67b403" data: @@ -3558,7 +3558,7 @@ metadata: name: config-domain namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "81552d0b" data: @@ -3620,7 +3620,7 @@ metadata: name: config-features namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "1bbf8144" data: @@ -3748,7 +3748,7 @@ metadata: name: config-gc namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "e6149382" data: @@ -3845,7 +3845,7 @@ metadata: name: config-leader-election namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "96896b00" data: @@ -3904,7 +3904,7 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "d9570453" data: @@ -3981,7 +3981,7 @@ metadata: name: config-network namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "15954d34" data: @@ -4113,7 +4113,7 @@ metadata: name: config-observability namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "97c1d10b" data: @@ -4232,7 +4232,7 @@ metadata: name: config-tracing namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" annotations: knative.dev/example-checksum: "4002b4c2" data: @@ -4291,7 +4291,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minReplicas: 1 maxReplicas: 20 @@ -4317,7 +4317,7 @@ metadata: name: activator-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minAvailable: 80% selector: @@ -4344,7 +4344,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4357,7 +4357,7 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: serviceAccountName: controller containers: @@ -4451,7 +4451,7 @@ metadata: namespace: knative-serving labels: app: activator - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: app: activator @@ -4491,7 +4491,7 @@ metadata: name: autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: replicas: 1 selector: @@ -4503,7 +4503,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4588,7 +4588,7 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: autoscaler namespace: knative-serving spec: @@ -4626,7 +4626,7 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4637,7 +4637,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4703,7 +4703,7 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: controller namespace: knative-serving spec: @@ -4738,7 +4738,7 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minReplicas: 1 maxReplicas: 5 @@ -4762,7 +4762,7 @@ metadata: name: webhook-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: minAvailable: 80% selector: @@ -4789,7 +4789,7 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: selector: matchLabels: @@ -4802,7 +4802,7 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -4891,7 +4891,7 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" name: webhook namespace: knative-serving spec: @@ -4928,7 +4928,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -4963,7 +4963,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5015,7 +5015,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -5069,449 +5069,9 @@ metadata: name: webhook-certs namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" # The data is populated at install time. --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterdomainclaims.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - names: - kind: ClusterDomainClaim - plural: clusterdomainclaims - singular: clusterdomainclaim - categories: - - knative-internal - - networking - shortNames: - - cdc - scope: Cluster ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: domainmappings.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: DomainMapping - plural: domainmappings - singular: domainmapping - categories: - - all - - knative - - serving - shortNames: - - dm - scope: Namespaced ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domain-mapping - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: domain-mapping - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: domain-mapping - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domain-mapping - topologyKey: kubernetes.io/hostname - weight: 100 - - serviceAccountName: controller - containers: - - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. - image: ko://knative.dev/serving/cmd/domain-mapping - - resources: - requests: - cpu: 30m - memory: 40Mi - limits: - cpu: 300m - memory: 400Mi - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.domainmapping.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: -- admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - scope: "*" - resources: - - domainmappings ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: domainmapping-webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -# The data is populated at install time. ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.domainmapping.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: -- admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: domainmapping-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.domainmapping.serving.knative.dev - timeoutSeconds: 10 - rules: - - apiGroups: - - serving.knative.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - scope: "*" - resources: - - domainmappings ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: domainmapping-webhook - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: domainmapping-webhook - role: domainmapping-webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: domainmapping-webhook - role: domainmapping-webhook - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: domainmapping-webhook - topologyKey: kubernetes.io/hostname - weight: 100 - - serviceAccountName: controller - containers: - - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: ko://knative.dev/serving/cmd/domain-mapping-webhook - - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_PORT - value: "8443" - - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - - readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - <<: *probe - failureThreshold: 6 - initialDelaySeconds: 20 - - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: domainmapping-webhook - serving.knative.dev/release: "v0.22.0" - name: domainmapping-webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: domainmapping-webhook ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5532,7 +5092,7 @@ metadata: name: autoscaler-hpa namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" autoscaling.knative.dev/autoscaler-provider: hpa spec: selector: @@ -5544,7 +5104,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -5606,7 +5166,7 @@ kind: Service metadata: labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.22.0" + serving.knative.dev/release: "v0.23.0" autoscaling.knative.dev/autoscaler-provider: hpa name: autoscaler-hpa namespace: knative-serving From 8961194ba263d497cd6492248af9e6109bba4ee1 Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Thu, 1 Jul 2021 15:59:21 +0900 Subject: [PATCH 6/6] Add back DomainMapping --- openshift/release/generate-release.sh | 2 +- openshift/release/knative-serving-ci.yaml | 440 ++++++++++++++++++ .../release/knative-serving-v0.23.1.yaml | 440 ++++++++++++++++++ 3 files changed, 881 insertions(+), 1 deletion(-) diff --git a/openshift/release/generate-release.sh b/openshift/release/generate-release.sh index e453e1ca551d..9403652523a8 100755 --- a/openshift/release/generate-release.sh +++ b/openshift/release/generate-release.sh @@ -5,4 +5,4 @@ source $(dirname $0)/resolve.sh release=$1 output_file="openshift/release/knative-serving-${release}.yaml" -resolve_resources "config/core/ config/hpa-autoscaling/" "$output_file" +resolve_resources "config/core/ config/hpa-autoscaling/ config/domain-mapping/" "$output_file" diff --git a/openshift/release/knative-serving-ci.yaml b/openshift/release/knative-serving-ci.yaml index e27ae245fd1a..284ee52acd2d 100644 --- a/openshift/release/knative-serving-ci.yaml +++ b/openshift/release/knative-serving-ci.yaml @@ -5072,6 +5072,446 @@ metadata: serving.knative.dev/release: "v0.23.0" # The data is populated at install time. --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + serving.knative.dev/release: "v0.23.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: controller + containers: + - name: domain-mapping + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ko://knative.dev/serving/cmd/domain-mapping + + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" +webhooks: +- admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +# The data is populated at install time. +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" +webhooks: +- admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + serving.knative.dev/release: "v0.23.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: controller + containers: + - name: domainmapping-webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ko://knative.dev/serving/cmd/domain-mapping-webhook + + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + + readinessProbe: &probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + <<: *probe + failureThreshold: 6 + initialDelaySeconds: 20 + + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + serving.knative.dev/release: "v0.23.0" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook +--- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openshift/release/knative-serving-v0.23.1.yaml b/openshift/release/knative-serving-v0.23.1.yaml index e27ae245fd1a..284ee52acd2d 100644 --- a/openshift/release/knative-serving-v0.23.1.yaml +++ b/openshift/release/knative-serving-v0.23.1.yaml @@ -5072,6 +5072,446 @@ metadata: serving.knative.dev/release: "v0.23.0" # The data is populated at install time. --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + serving.knative.dev/release: "v0.23.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: controller + containers: + - name: domain-mapping + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ko://knative.dev/serving/cmd/domain-mapping + + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" +webhooks: +- admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +# The data is populated at install time. +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.23.0" +webhooks: +- admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.23.0" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + serving.knative.dev/release: "v0.23.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: controller + containers: + - name: domainmapping-webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ko://knative.dev/serving/cmd/domain-mapping-webhook + + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + + readinessProbe: &probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + <<: *probe + failureThreshold: 6 + initialDelaySeconds: 20 + + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + serving.knative.dev/release: "v0.23.0" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook +--- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License");