Created
March 26, 2020 16:33
-
-
Save bryanl/cd53f40cdfe8a0147d829e4d6cceb169 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: images.caching.internal.knative.dev | |
| labels: | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: caching.internal.knative.dev | |
| version: v1alpha1 | |
| names: | |
| kind: Image | |
| plural: images | |
| singular: image | |
| categories: | |
| - knative-internal | |
| - caching | |
| shortNames: | |
| - img | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: knative-serving | |
| labels: | |
| # TODO(mattmoor): We should not require any istio annotations. | |
| istio-injection: enabled | |
| serving.knative.dev/release: "v0.13.0" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: controller | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-admin | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| aggregationRule: | |
| clusterRoleSelectors: | |
| - matchLabels: | |
| serving.knative.dev/controller: "true" | |
| rules: [] # Rules are automatically filled in by the controller manager. | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: knative-serving-controller-admin | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: controller | |
| namespace: knative-serving | |
| roleRef: | |
| kind: ClusterRole | |
| name: knative-serving-admin | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: caching.internal.knative.dev/v1alpha1 | |
| kind: Image | |
| metadata: | |
| name: queue-proxy | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0fad95e6903c53dbfb73deb7d04f54fea8e417ffff1ba9be7ae8464120ae11ec | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-autoscaler | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # The Revision ContainerConcurrency field specifies the maximum number | |
| # of requests the Container can handle at once. Container concurrency | |
| # target percentage is how much of that maximum to use in a stable | |
| # state. E.g. if a Revision specifies ContainerConcurrency of 10, then | |
| # the Autoscaler will try to maintain 7 concurrent connections per pod | |
| # on average. | |
| # Note: this limit will be applied to container concurrency set at every | |
| # level (ConfigMap, Revision Spec or Annotation). | |
| # For legacy and backwards compatibility reasons, this value also accepts | |
| # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). | |
| # Thus minimal percentage value must be greater than 1.0, or it will be | |
| # treated as a fraction. | |
| container-concurrency-target-percentage: "70" | |
| # The container concurrency target default is what the Autoscaler will | |
| # try to maintain when concurrency is used as the scaling metric for a | |
| # Revision and the Revision specifies unlimited concurrency. | |
| # Even when specifying unlimited concurrency, the autoscaler will | |
| # horizontally scale the application based on this target concurrency. | |
| # NOTE: Only one metric can be used for autoscaling a Revision. | |
| container-concurrency-target-default: "100" | |
| # The requests per second (RPS) target default is what the Autoscaler will | |
| # try to maintain when RPS is used as the scaling metric for a Revision and | |
| # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, | |
| # the autoscaler will horizontally scale the application based on this | |
| # target RPS. | |
| # Must be greater than 1.0. | |
| # NOTE: Only one metric can be used for autoscaling a Revision. | |
| requests-per-second-target-default: "200" | |
| # The target burst capacity specifies the size of burst in concurrent | |
| # requests that the system operator expects the system will receive. | |
| # Autoscaler will try to protect the system from queueing by introducing | |
| # Activator in the request path if the current spare capacity of the | |
| # service is less than this setting. | |
| # If this setting is 0, then Activator will be in the request path only | |
| # when the revision is scaled to 0. | |
| # If this setting is > 0 and container-concurrency-target-percentage is | |
| # 100% or 1.0, then activator will always be in the request path. | |
| # -1 denotes unlimited target-burst-capacity and activator will always | |
| # be in the request path. | |
| # Other negative values are invalid. | |
| target-burst-capacity: "200" | |
| # When operating in a stable mode, the autoscaler operates on the | |
| # average concurrency over the stable window. | |
| # Stable window must be in whole seconds. | |
| stable-window: "60s" | |
| # When observed average concurrency during the panic window reaches | |
| # panic-threshold-percentage the target concurrency, the autoscaler | |
| # enters panic mode. When operating in panic mode, the autoscaler | |
| # scales on the average concurrency over the panic window which is | |
| # panic-window-percentage of the stable-window. | |
| # When computing the panic window it will be rounded to the closest | |
| # whole second. | |
| panic-window-percentage: "10.0" | |
| # The percentage of the container concurrency target at which to | |
| # enter panic mode when reached within the panic window. | |
| panic-threshold-percentage: "200.0" | |
| # Max scale up rate limits the rate at which the autoscaler will | |
| # increase pod count. It is the maximum ratio of desired pods versus | |
| # observed pods. | |
| # Cannot less or equal to 1. | |
| # I.e with value of 2.0 the number of pods can at most go N to 2N | |
| # over single Autoscaler period (see tick-interval), but at least N to | |
| # N+1, if Autoscaler needs to scale up. | |
| max-scale-up-rate: "1000.0" | |
| # Max scale down rate limits the rate at which the autoscaler will | |
| # decrease pod count. It is the maximum ratio of observed pods versus | |
| # desired pods. | |
| # Cannot less or equal to 1. | |
| # I.e. with value of 2.0 the number of pods can at most go N to N/2 | |
| # over single Autoscaler evaluation period (see tick-interval), but at | |
| # least N to N-1, if Autoscaler needs to scale down. | |
| # Not yet used // TODO(vagababov) remove once other parts are ready. | |
| max-scale-down-rate: "2.0" | |
| # Scale to zero feature flag | |
| enable-scale-to-zero: "true" | |
| # Tick interval is the time between autoscaling calculations. | |
| tick-interval: "2s" | |
| # Dynamic parameters (take effect when config map is updated): | |
| # Scale to zero grace period is the time an inactive revision is left | |
| # running before it is scaled to zero (min: 30s). | |
| scale-to-zero-grace-period: "30s" | |
| # Enable graceful scaledown feature flag. | |
| # Once enabled, it allows the autoscaler to prioritize pods processing | |
| # fewer (or zero) requests for removal when scaling down. | |
| enable-graceful-scaledown: "false" | |
| # pod-autoscaler-class specifies the default pod autoscaler class | |
| # that should be used if none is specified. If omitted, the Knative | |
| # Horizontal Pod Autoscaler (KPA) is used by default. | |
| pod-autoscaler-class: "kpa.autoscaling.knative.dev" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-defaults | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # revision-timeout-seconds contains the default number of | |
| # seconds to use for the revision's per-request timeout, if | |
| # none is specified. | |
| revision-timeout-seconds: "300" # 5 minutes | |
| # max-revision-timeout-seconds contains the maximum number of | |
| # seconds that can be used for revision-timeout-seconds. | |
| # This value must be greater than or equal to revision-timeout-seconds. | |
| # If omitted, the system default is used (600 seconds). | |
| max-revision-timeout-seconds: "600" # 10 minutes | |
| # revision-cpu-request contains the cpu allocation to assign | |
| # to revisions by default. If omitted, no value is specified | |
| # and the system default is used. | |
| revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) | |
| # revision-memory-request contains the memory allocation to assign | |
| # to revisions by default. If omitted, no value is specified | |
| # and the system default is used. | |
| revision-memory-request: "100M" # 100 megabytes of memory | |
| # revision-cpu-limit contains the cpu allocation to limit | |
| # revisions to by default. If omitted, no value is specified | |
| # and the system default is used. | |
| revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) | |
| # revision-memory-limit contains the memory allocation to limit | |
| # revisions to by default. If omitted, no value is specified | |
| # and the system default is used. | |
| revision-memory-limit: "200M" # 200 megabytes of memory | |
| # container-name-template contains a template for the default | |
| # container name, if none is specified. This field supports | |
| # Go templating and is supplied with the ObjectMeta of the | |
| # enclosing Service or Configuration, so values such as | |
| # {{.Name}} are also valid. | |
| container-name-template: "user-container" | |
| # container-concurrency specifies the maximum number | |
| # of requests the Container can handle at once, and requests | |
| # above this threshold are queued. Setting a value of zero | |
| # disables this throttling and lets through as many requests as | |
| # the pod receives. | |
| container-concurrency: "0" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-deployment | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0fad95e6903c53dbfb73deb7d04f54fea8e417ffff1ba9be7ae8464120ae11ec | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # List of repositories for which tag to digest resolving should be skipped | |
| registriesSkippingTagResolving: "ko.local,dev.local" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-domain | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # Default value for domain. | |
| # Although it will match all routes, it is the least-specific rule so it | |
| # will only be used if no other domain matches. | |
| example.com: | | |
| # These are example settings of domain. | |
| # example.org will be used for routes having app=nonprofit. | |
| example.org: | | |
| selector: | |
| app: nonprofit | |
| # Routes having domain suffix of 'svc.cluster.local' will not be exposed | |
| # through Ingress. You can define your own label selector to assign that | |
| # domain suffix to your Route here, or you can set the label | |
| # "serving.knative.dev/visibility=cluster-local" | |
| # to achieve the same effect. This shows how to make routes having | |
| # the label app=secret only exposed to the local cluster. | |
| svc.cluster.local: | | |
| selector: | |
| app: secret | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-gc | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # Delay after revision creation before considering it for GC | |
| stale-revision-create-delay: "48h" | |
| # Duration since a route has pointed at the revision before it | |
| # should be GC'd. | |
| # This minus lastpinned-debounce must be longer than the controller | |
| # resync period (10 hours). | |
| stale-revision-timeout: "15h" | |
| # Minimum number of generations of revisions to keep before considering | |
| # them for GC | |
| stale-revision-minimum-generations: "20" | |
| # To avoid constant updates, we allow an existing annotation to be stale by this | |
| # amount before we update the timestamp. | |
| stale-revision-lastpinned-debounce: "5h" | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-leader-election | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| # An inactive but valid configuration follows; see example. | |
| resourceLock: "leases" | |
| leaseDuration: "15s" | |
| renewDeadline: "10s" | |
| retryPeriod: "2s" | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # resourceLock controls which API resource is used as the basis for the | |
| # leader election lock. Valid values are: | |
| # | |
| # - leases -> use the coordination API | |
| # - configmaps -> use configmaps | |
| # - endpoints -> use endpoints | |
| resourceLock: "leases" | |
| # leaseDuration is how long non-leaders will wait to try to acquire the | |
| # lock; 15 seconds is the value used by core kubernetes controllers. | |
| leaseDuration: "15s" | |
| # renewDeadline is how long a leader will try to renew the lease before | |
| # giving up; 10 seconds is the value used by core kubernetes controllers. | |
| renewDeadline: "10s" | |
| # retryPeriod is how long the leader election client waits between tries of | |
| # actions; 2 seconds is the value used by core kubernetes controllers. | |
| retryPeriod: "2s" | |
| # enabledComponents is a comma-delimited list of component names for which | |
| # leader election is enabled. Valid values are: | |
| # | |
| # - controller | |
| # - hpaautoscaler | |
| # - certcontroller | |
| # - istiocontroller | |
| # - nscontroller | |
| enabledComponents: "controller,hpaautoscaler,certcontroller,istiocontroller,nscontroller" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-logging | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # Common configuration for all Knative codebase | |
| zap-logger-config: | | |
| { | |
| "level": "info", | |
| "development": false, | |
| "outputPaths": ["stdout"], | |
| "errorOutputPaths": ["stderr"], | |
| "encoding": "json", | |
| "encoderConfig": { | |
| "timeKey": "ts", | |
| "levelKey": "level", | |
| "nameKey": "logger", | |
| "callerKey": "caller", | |
| "messageKey": "msg", | |
| "stacktraceKey": "stacktrace", | |
| "lineEnding": "", | |
| "levelEncoder": "", | |
| "timeEncoder": "iso8601", | |
| "durationEncoder": "", | |
| "callerEncoder": "" | |
| } | |
| } | |
| # Log level overrides | |
| # For all components except the autoscaler and queue proxy, | |
| # changes are be picked up immediately. | |
| # For autoscaler and queue proxy, changes require recreation of the pods. | |
| loglevel.controller: "info" | |
| loglevel.autoscaler: "info" | |
| loglevel.queueproxy: "info" | |
| loglevel.webhook: "info" | |
| loglevel.activator: "info" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-network | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # DEPRECATED: | |
| # istio.sidecar.includeOutboundIPRanges is obsolete. | |
| # The current versions have outbound network access enabled by default. | |
| # If you need this option for some reason, please use global.proxy.includeIPRanges in Istio. | |
| # | |
| # istio.sidecar.includeOutboundIPRanges: "*" | |
| # ingress.class specifies the default ingress class | |
| # to use when not dictated by Route annotation. | |
| # | |
| # If not specified, will use the Istio ingress. | |
| # | |
| # Note that changing the Ingress class of an existing Route | |
| # will result in undefined behavior. Therefore it is best to only | |
| # update this value during the setup of Knative, to avoid getting | |
| # undefined behavior. | |
| ingress.class: "istio.ingress.networking.knative.dev" | |
| # certificate.class specifies the default Certificate class | |
| # to use when not dictated by Route annotation. | |
| # | |
| # If not specified, will use the Cert-Manager Certificate. | |
| # | |
| # Note that changing the Certificate class of an existing Route | |
| # will result in undefined behavior. Therefore it is best to only | |
| # update this value during the setup of Knative, to avoid getting | |
| # undefined behavior. | |
| certificate.class: "cert-manager.certificate.networking.knative.dev" | |
| # domainTemplate specifies the golang text template string to use | |
| # when constructing the Knative service's DNS name. The default | |
| # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". And those three | |
| # values (Name, Namespace, Domain) are the only variables defined. | |
| # | |
| # Changing this value might be necessary when the extra levels in | |
| # the domain name generated is problematic for wildcard certificates | |
| # that only support a single level of domain name added to the | |
| # certificate's domain. In those cases you might consider using a value | |
| # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace | |
| # entirely from the template. When choosing a new value be thoughtful | |
| # of the potential for conflicts - for example, when users choose to use | |
| # characters such as `-` in their service, or namespace, names. | |
| # {{.Annotations}} can be used for any customization in the go template if needed. | |
| # We strongly recommend keeping namespace part of the template to avoid domain name clashes | |
| # Example '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' | |
| # and you have an annotation {"sub":"foo"}, then the generated template would be {Name}-{Namespace}.foo.{Domain} | |
| domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" | |
| # tagTemplate specifies the golang text template string to use | |
| # when constructing the DNS name for "tags" within the traffic blocks | |
| # of Routes and Configuration. This is used in conjunction with the | |
| # domainTemplate above to determine the full URL for the tag. | |
| tagTemplate: "{{.Tag}}-{{.Name}}" | |
| # Controls whether TLS certificates are automatically provisioned and | |
| # installed in the Knative ingress to terminate external TLS connection. | |
| # 1. Enabled: enabling auto-TLS feature. | |
| # 2. Disabled: disabling auto-TLS feature. | |
| autoTLS: "Disabled" | |
| # Controls the behavior of the HTTP endpoint for the Knative ingress. | |
| # It requires autoTLS to be enabled. | |
| # 1. Enabled: The Knative ingress will be able to serve HTTP connection. | |
| # 2. Disabled: The Knative ingress will reject HTTP traffic. | |
| # 3. Redirected: The Knative ingress will send a 302 redirect for all | |
| # http connections, asking the clients to use HTTPS | |
| httpProtocol: "Enabled" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-observability | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # logging.enable-var-log-collection defaults to false. | |
| # The fluentd daemon set will be set up to collect /var/log if | |
| # this flag is true. | |
| logging.enable-var-log-collection: "false" | |
| # logging.revision-url-template provides a template to use for producing the | |
| # logging URL that is injected into the status of each Revision. | |
| # This value is what you might use the the Knative monitoring bundle, and provides | |
| # access to Kibana after setting up kubectl proxy. | |
| logging.revision-url-template: | | |
| http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.serving-knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase)))) | |
| # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe | |
| # requests. | |
| # The value determines the shape of the request logs and it must be a valid go text/template. | |
| # It is important to keep this as a single line. Multiple lines are parsed as separate entities | |
| # by most collection agents and will split the request logs into multiple records. | |
| # | |
| # The following fields and functions are available to the template: | |
| # | |
| # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) | |
| # representing an HTTP request received by the server. | |
| # | |
| # Response: | |
| # struct { | |
| # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) | |
| # Size int // An int representing the size of the response. | |
| # Latency float64 // A float64 representing the latency of the response in seconds. | |
| # } | |
| # | |
| # Revision: | |
| # struct { | |
| # Name string // Knative revision name | |
| # Namespace string // Knative revision namespace | |
| # Service string // Knative service name | |
| # Configuration string // Knative configuration name | |
| # PodName string // Name of the pod hosting the revision | |
| # PodIP string // IP of the pod hosting the revision | |
| # } | |
| # | |
| logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' | |
| # If true, this enables queue proxy writing request logs for probe requests to stdout. | |
| # It uses the same template for user requests, i.e. logging.request-log-template. | |
| logging.enable-probe-request-log: "false" | |
| # metrics.backend-destination field specifies the system metrics destination. | |
| # It supports either prometheus (the default) or stackdriver. | |
| # Note: Using stackdriver will incur additional charges | |
| metrics.backend-destination: prometheus | |
| # metrics.request-metrics-backend-destination specifies the request metrics | |
| # destination. It enables queue proxy to send request metrics. | |
| # Currently supported values: prometheus (the default), stackdriver. | |
| metrics.request-metrics-backend-destination: prometheus | |
| # metrics.stackdriver-project-id field specifies the stackdriver project ID. This | |
| # field is optional. When running on GCE, application default credentials will be | |
| # used if this field is not provided. | |
| metrics.stackdriver-project-id: "<your stackdriver project id>" | |
| # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to | |
| # Stackdriver using "global" resource type and custom metric type if the | |
| # metrics are not supported by "knative_revision" resource type. Setting this | |
| # flag to "true" could cause extra Stackdriver charge. | |
| # If metrics.backend-destination is not Stackdriver, this is ignored. | |
| metrics.allow-stackdriver-custom-metrics: "false" | |
| # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from | |
| # the pods via an HTTP server in the format expected by the pprof visualization tool. When | |
| # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. | |
| # The HTTP context root for profiling is then /debug/pprof/. | |
| profiling.enable: "false" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: config-tracing | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| data: | |
| _example: | | |
| ################################ | |
| # # | |
| # EXAMPLE CONFIGURATION # | |
| # # | |
| ################################ | |
| # This block is not actually functional configuration, | |
| # but serves to illustrate the available configuration | |
| # options and document them in a way that is accessible | |
| # to users that `kubectl edit` this config map. | |
| # | |
| # These sample configuration options may be copied out of | |
| # this example block and unindented to be in the data block | |
| # to actually change the configuration. | |
| # | |
| # This may be "zipkin" or "stackdriver", the default is "none" | |
| backend: "none" | |
| # URL to zipkin collector where traces are sent. | |
| # This must be specified when backend is "zipkin" | |
| zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" | |
| # The GCP project into which stackdriver metrics will be written | |
| # when backend is "stackdriver". If unspecified, the project-id | |
| # is read from GCP metadata when running on GCP. | |
| stackdriver-project-id: "my-project" | |
| # Enable zipkin debug mode. This allows all spans to be sent to the server | |
| # bypassing sampling. | |
| debug: "false" | |
| # Percentage (0-1) of requests to trace | |
| sample-rate: "0.1" | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: autoscaling/v2beta1 | |
| kind: HorizontalPodAutoscaler | |
| metadata: | |
| name: activator | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| minReplicas: 1 | |
| maxReplicas: 20 | |
| scaleTargetRef: | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| name: activator | |
| metrics: | |
| - type: Resource | |
| resource: | |
| name: cpu | |
| # Percentage of the requested CPU | |
| targetAverageUtilization: 100 | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: activator | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: activator | |
| role: activator | |
| template: | |
| metadata: | |
| annotations: | |
| cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | |
| labels: | |
| app: activator | |
| role: activator | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| serviceAccountName: controller | |
| containers: | |
| - name: activator | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:48e669a1ddf2c56a44e67412dcb713baecb4a45683575f693c958cebb9858641 | |
| # The numbers are based on performance test results from | |
| # https://github.com/knative/serving/issues/1625#issuecomment-511930023 | |
| resources: | |
| requests: | |
| cpu: 300m | |
| memory: 60Mi | |
| limits: | |
| cpu: 1000m | |
| memory: 600Mi | |
| env: | |
| - # Run Activator with GC collection when newly generated memory is 500%. | |
| name: GOGC | |
| value: "500" | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: POD_IP | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| - name: SYSTEM_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: CONFIG_LOGGING_NAME | |
| value: config-logging | |
| - name: CONFIG_OBSERVABILITY_NAME | |
| value: config-observability | |
| - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config | |
| name: METRICS_DOMAIN | |
| value: knative.dev/internal/serving | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| ports: | |
| - name: metrics | |
| containerPort: 9090 | |
| - name: profiling | |
| containerPort: 8008 | |
| - name: http1 | |
| containerPort: 8012 | |
| - name: h2c | |
| containerPort: 8013 | |
| readinessProbe: &probe | |
| httpGet: | |
| port: 8012 | |
| httpHeaders: | |
| - name: k-kubelet-probe | |
| value: "activator" | |
| livenessProbe: *probe | |
| # The activator (often) sits on the dataplane, and may proxy long (e.g. | |
| # streaming, websockets) requests. We give a long grace period for the | |
| # activator to "lame duck" and drain outstanding requests before we | |
| # forcibly terminate the pod (and outstanding connections). This value | |
| # should be at least as large as the upper bound on the Revision's | |
| # timeoutSeconds property to avoid servicing events disrupting | |
| # connections. | |
| terminationGracePeriodSeconds: 300 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: activator-service | |
| namespace: knative-serving | |
| labels: | |
| app: activator | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| selector: | |
| app: activator | |
| ports: | |
| - # Define metrics and profiling for them to be accessible within service meshes. | |
| name: http-metrics | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: http-profiling | |
| port: 8008 | |
| targetPort: 8008 | |
| - name: http | |
| port: 80 | |
| targetPort: 8012 | |
| - name: http2 | |
| port: 81 | |
| targetPort: 8013 | |
| type: ClusterIP | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: autoscaler | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: autoscaler | |
| template: | |
| metadata: | |
| annotations: | |
| cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | |
| labels: | |
| app: autoscaler | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| serviceAccountName: controller | |
| containers: | |
| - name: autoscaler | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:941639c7ef25f189e33e92f1b3b0bc7a3908bb0ab5a036c5eb3f270f5774b341 | |
| resources: | |
| requests: | |
| cpu: 30m | |
| memory: 40Mi | |
| limits: | |
| cpu: 300m | |
| memory: 400Mi | |
| env: | |
| - name: SYSTEM_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: CONFIG_LOGGING_NAME | |
| value: config-logging | |
| - name: CONFIG_OBSERVABILITY_NAME | |
| value: config-observability | |
| - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config | |
| name: METRICS_DOMAIN | |
| value: knative.dev/serving | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| ports: | |
| - name: metrics | |
| containerPort: 9090 | |
| - name: profiling | |
| containerPort: 8008 | |
| - name: websocket | |
| containerPort: 8080 | |
| - name: custom-metrics | |
| containerPort: 8443 | |
| readinessProbe: &probe | |
| httpGet: | |
| port: 8080 | |
| httpHeaders: | |
| - name: k-kubelet-probe | |
| value: "autoscaler" | |
| livenessProbe: *probe | |
| args: | |
| - "--secure-port=8443" | |
| - "--cert-dir=/tmp" | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| app: autoscaler | |
| serving.knative.dev/release: "v0.13.0" | |
| name: autoscaler | |
| namespace: knative-serving | |
| spec: | |
| ports: | |
| - # Define metrics and profiling for them to be accessible within service meshes. | |
| name: http-metrics | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: http-profiling | |
| port: 8008 | |
| targetPort: 8008 | |
| - name: http | |
| port: 8080 | |
| targetPort: 8080 | |
| - name: https-custom-metrics | |
| port: 443 | |
| targetPort: 8443 | |
| selector: | |
| app: autoscaler | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: controller | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: controller | |
| template: | |
| metadata: | |
| annotations: | |
| cluster-autoscaler.kubernetes.io/safe-to-evict: "true" | |
| labels: | |
| app: controller | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| serviceAccountName: controller | |
| containers: | |
| - name: controller | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:12512eaf4bac15bab1adbf3968723e74108331e06173d9b56d76ff5362ff9851 | |
| resources: | |
| requests: | |
| cpu: 100m | |
| memory: 100Mi | |
| limits: | |
| cpu: 1000m | |
| memory: 1000Mi | |
| env: | |
| - name: SYSTEM_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: CONFIG_LOGGING_NAME | |
| value: config-logging | |
| - name: CONFIG_OBSERVABILITY_NAME | |
| value: config-observability | |
| - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config | |
| name: METRICS_DOMAIN | |
| value: knative.dev/internal/serving | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| ports: | |
| - name: metrics | |
| containerPort: 9090 | |
| - name: profiling | |
| containerPort: 8008 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| app: controller | |
| serving.knative.dev/release: "v0.13.0" | |
| name: controller | |
| namespace: knative-serving | |
| spec: | |
| ports: | |
| - # Define metrics and profiling for them to be accessible within service meshes. | |
| name: http-metrics | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: http-profiling | |
| port: 8008 | |
| targetPort: 8008 | |
| selector: | |
| app: controller | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: webhook | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: webhook | |
| role: webhook | |
| template: | |
| metadata: | |
| annotations: | |
| cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | |
| labels: | |
| app: webhook | |
| role: webhook | |
| serving.knative.dev/release: "v0.13.0" | |
| spec: | |
| serviceAccountName: controller | |
| containers: | |
| - name: webhook | |
| # This is the Go import path for the binary that is containerized | |
| # and substituted here. | |
| image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:d33d129262f03921715c0f2e4cc4fae7b626438c907047df60e0f0f41688fbc2 | |
| resources: | |
| requests: | |
| cpu: 20m | |
| memory: 20Mi | |
| limits: | |
| cpu: 200m | |
| memory: 200Mi | |
| env: | |
| - name: SYSTEM_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: CONFIG_LOGGING_NAME | |
| value: config-logging | |
| - name: CONFIG_OBSERVABILITY_NAME | |
| value: config-observability | |
| - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config | |
| name: METRICS_DOMAIN | |
| value: knative.dev/serving | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| ports: | |
| - name: metrics | |
| containerPort: 9090 | |
| - name: profiling | |
| containerPort: 8008 | |
| - name: https-webhook | |
| containerPort: 8443 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| role: webhook | |
| serving.knative.dev/release: "v0.13.0" | |
| name: webhook | |
| namespace: knative-serving | |
| spec: | |
| ports: | |
| - # Define metrics and profiling for them to be accessible within service meshes. | |
| name: http-metrics | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: http-profiling | |
| port: 8008 | |
| targetPort: 8008 | |
| - name: https-webhook | |
| port: 443 | |
| targetPort: 8443 | |
| selector: | |
| role: webhook | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: certificates.networking.internal.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: networking.internal.knative.dev | |
| version: v1alpha1 | |
| names: | |
| kind: Certificate | |
| plural: certificates | |
| singular: certificate | |
| categories: | |
| - knative-internal | |
| - networking | |
| shortNames: | |
| - kcert | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| additionalPrinterColumns: | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type==\"Ready\")].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type==\"Ready\")].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: configurations.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| duck.knative.dev/podspecable: "true" | |
| spec: | |
| group: serving.knative.dev | |
| preserveUnknownFields: false | |
| validation: | |
| openAPIV3Schema: | |
| type: object | |
| # this is a work around so we don't need to flush out the | |
| # schema for each version at this time | |
| # | |
| # see issue: https://github.com/knative/serving/issues/912 | |
| x-kubernetes-preserve-unknown-fields: true | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| served: true | |
| storage: false | |
| - name: v1 | |
| served: true | |
| storage: false | |
| names: | |
| kind: Configuration | |
| plural: configurations | |
| singular: configuration | |
| categories: | |
| - all | |
| - knative | |
| - serving | |
| shortNames: | |
| - config | |
| - cfg | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| conversion: | |
| strategy: Webhook | |
| webhookClientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| additionalPrinterColumns: | |
| - name: LatestCreated | |
| type: string | |
| JSONPath: .status.latestCreatedRevisionName | |
| - name: LatestReady | |
| type: string | |
| JSONPath: .status.latestReadyRevisionName | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: ingresses.networking.internal.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: networking.internal.knative.dev | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| names: | |
| kind: Ingress | |
| plural: ingresses | |
| singular: ingress | |
| categories: | |
| - knative-internal | |
| - networking | |
| shortNames: | |
| - kingress | |
| - king | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| additionalPrinterColumns: | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: metrics.autoscaling.internal.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: autoscaling.internal.knative.dev | |
| version: v1alpha1 | |
| names: | |
| kind: Metric | |
| plural: metrics | |
| singular: metric | |
| categories: | |
| - knative-internal | |
| - autoscaling | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| additionalPrinterColumns: | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2018 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: podautoscalers.autoscaling.internal.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: autoscaling.internal.knative.dev | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| names: | |
| kind: PodAutoscaler | |
| plural: podautoscalers | |
| singular: podautoscaler | |
| categories: | |
| - knative-internal | |
| - autoscaling | |
| shortNames: | |
| - kpa | |
| - pa | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| additionalPrinterColumns: | |
| - name: DesiredScale | |
| type: integer | |
| JSONPath: ".status.desiredScale" | |
| - name: ActualScale | |
| type: integer | |
| JSONPath: ".status.actualScale" | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: revisions.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: serving.knative.dev | |
| preserveUnknownFields: false | |
| validation: | |
| openAPIV3Schema: | |
| type: object | |
| # this is a work around so we don't need to flush out the | |
| # schema for each version at this time | |
| # | |
| # see issue: https://github.com/knative/serving/issues/912 | |
| x-kubernetes-preserve-unknown-fields: true | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| served: true | |
| storage: false | |
| - name: v1 | |
| served: true | |
| storage: false | |
| names: | |
| kind: Revision | |
| plural: revisions | |
| singular: revision | |
| categories: | |
| - all | |
| - knative | |
| - serving | |
| shortNames: | |
| - rev | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| conversion: | |
| strategy: Webhook | |
| webhookClientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| additionalPrinterColumns: | |
| - name: Config Name | |
| type: string | |
| JSONPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" | |
| - name: K8s Service Name | |
| type: string | |
| JSONPath: ".status.serviceName" | |
| - name: Generation | |
| type: string # int in string form :( | |
| JSONPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: routes.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| duck.knative.dev/addressable: "true" | |
| spec: | |
| group: serving.knative.dev | |
| preserveUnknownFields: false | |
| validation: | |
| openAPIV3Schema: | |
| type: object | |
| # this is a work around so we don't need to flush out the | |
| # schema for each version at this time | |
| # | |
| # see issue: https://github.com/knative/serving/issues/912 | |
| x-kubernetes-preserve-unknown-fields: true | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| served: true | |
| storage: false | |
| - name: v1 | |
| served: true | |
| storage: false | |
| names: | |
| kind: Route | |
| plural: routes | |
| singular: route | |
| categories: | |
| - all | |
| - knative | |
| - serving | |
| shortNames: | |
| - rt | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| conversion: | |
| strategy: Webhook | |
| webhookClientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| additionalPrinterColumns: | |
| - name: URL | |
| type: string | |
| JSONPath: .status.url | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: serverlessservices.networking.internal.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| spec: | |
| group: networking.internal.knative.dev | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| names: | |
| kind: ServerlessService | |
| plural: serverlessservices | |
| singular: serverlessservice | |
| categories: | |
| - knative-internal | |
| - networking | |
| shortNames: | |
| - sks | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| additionalPrinterColumns: | |
| - name: Mode | |
| type: string | |
| JSONPath: ".spec.mode" | |
| - name: ServiceName | |
| type: string | |
| JSONPath: ".status.serviceName" | |
| - name: PrivateServiceName | |
| type: string | |
| JSONPath: ".status.privateServiceName" | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: services.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| knative.dev/crd-install: "true" | |
| duck.knative.dev/addressable: "true" | |
| duck.knative.dev/podspecable: "true" | |
| spec: | |
| group: serving.knative.dev | |
| preserveUnknownFields: false | |
| validation: | |
| openAPIV3Schema: | |
| type: object | |
| # this is a work around so we don't need to flush out the | |
| # schema for each version at this time | |
| # | |
| # see issue: https://github.com/knative/serving/issues/912 | |
| x-kubernetes-preserve-unknown-fields: true | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| served: true | |
| storage: false | |
| - name: v1 | |
| served: true | |
| storage: false | |
| names: | |
| kind: Service | |
| plural: services | |
| singular: service | |
| categories: | |
| - all | |
| - knative | |
| - serving | |
| shortNames: | |
| - kservice | |
| - ksvc | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| conversion: | |
| strategy: Webhook | |
| webhookClientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| additionalPrinterColumns: | |
| - name: URL | |
| type: string | |
| JSONPath: .status.url | |
| - name: LatestCreated | |
| type: string | |
| JSONPath: .status.latestCreatedRevisionName | |
| - name: LatestReady | |
| type: string | |
| JSONPath: .status.latestReadyRevisionName | |
| - name: Ready | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].status" | |
| - name: Reason | |
| type: string | |
| JSONPath: ".status.conditions[?(@.type=='Ready')].reason" | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-addressable-resolver | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| # Labeled to facilitate aggregated cluster roles that act on Addressables. | |
| duck.knative.dev/addressable: "true" | |
| # Do not use this role directly. These rules will be added to the "addressable-resolver" role. | |
| rules: | |
| - apiGroups: | |
| - serving.knative.dev | |
| resources: | |
| - routes | |
| - routes/status | |
| - services | |
| - services/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-namespaced-admin | |
| labels: | |
| rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
| serving.knative.dev/release: "v0.13.0" | |
| rules: | |
| - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", | |
| "caching.internal.knative.dev"] | |
| resources: ["*"] | |
| verbs: ["*"] | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-namespaced-edit | |
| labels: | |
| rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
| serving.knative.dev/release: "v0.13.0" | |
| rules: | |
| - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", | |
| "caching.internal.knative.dev"] | |
| resources: ["*"] | |
| verbs: ["create", "update", "patch", "delete"] | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-namespaced-view | |
| labels: | |
| rbac.authorization.k8s.io/aggregate-to-view: "true" | |
| serving.knative.dev/release: "v0.13.0" | |
| rules: | |
| - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", | |
| "caching.internal.knative.dev"] | |
| resources: ["*"] | |
| verbs: ["get", "list", "watch"] | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-core | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| serving.knative.dev/controller: "true" | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", | |
| "events", "serviceaccounts"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: [""] | |
| resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission | |
| verbs: ["create"] | |
| - apiGroups: ["apps"] | |
| resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: ["admissionregistration.k8s.io"] | |
| resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: ["apiextensions.k8s.io"] | |
| resources: ["customresourcedefinitions"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: ["autoscaling"] | |
| resources: ["horizontalpodautoscalers"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: ["coordination.k8s.io"] | |
| resources: ["leases"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] | |
| resources: ["*", "*/status", "*/finalizers"] | |
| verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", | |
| "watch"] | |
| - apiGroups: ["caching.internal.knative.dev"] | |
| resources: ["images"] | |
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | |
| --- | |
| # Copyright 2019 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: knative-serving-podspecable-binding | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| # Labeled to facilitate aggregated cluster roles that act on PodSpecables. | |
| duck.knative.dev/podspecable: "true" | |
| # Do not use this role directly. These rules will be added to the "podspecable-binder" role. | |
| rules: | |
| - apiGroups: | |
| - serving.knative.dev | |
| resources: | |
| - configurations | |
| - services | |
| verbs: | |
| - list | |
| - watch | |
| - patch | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| kind: ValidatingWebhookConfiguration | |
| metadata: | |
| name: config.webhook.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| webhooks: | |
| - admissionReviewVersions: | |
| - v1beta1 | |
| clientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| failurePolicy: Fail | |
| sideEffects: None | |
| name: config.webhook.serving.knative.dev | |
| namespaceSelector: | |
| matchExpressions: | |
| - key: serving.knative.dev/release | |
| operator: Exists | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| kind: MutatingWebhookConfiguration | |
| metadata: | |
| name: webhook.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| webhooks: | |
| - admissionReviewVersions: | |
| - v1beta1 | |
| clientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| failurePolicy: Fail | |
| sideEffects: None | |
| name: webhook.serving.knative.dev | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| kind: ValidatingWebhookConfiguration | |
| metadata: | |
| name: validation.webhook.serving.knative.dev | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| webhooks: | |
| - admissionReviewVersions: | |
| - v1beta1 | |
| clientConfig: | |
| service: | |
| name: webhook | |
| namespace: knative-serving | |
| failurePolicy: Fail | |
| sideEffects: None | |
| name: validation.webhook.serving.knative.dev | |
| --- | |
| # Copyright 2020 The Knative Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: webhook-certs | |
| namespace: knative-serving | |
| labels: | |
| serving.knative.dev/release: "v0.13.0" | |
| # The data is populated at install time. | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment