1---
2
3# Copyright 2018 The Knative Authors
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# https://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17apiVersion: v1
18kind: Namespace
19metadata:
20 name: knative-serving
21 labels:
22 serving.knative.dev/release: "v0.18.0"
23
24---
25# Copyright 2019 The Knative Authors
26#
27# Licensed under the Apache License, Version 2.0 (the "License");
28# you may not use this file except in compliance with the License.
29# You may obtain a copy of the License at
30#
31# https://www.apache.org/licenses/LICENSE-2.0
32#
33# Unless required by applicable law or agreed to in writing, software
34# distributed under the License is distributed on an "AS IS" BASIS,
35# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36# See the License for the specific language governing permissions and
37# limitations under the License.
38
39kind: ClusterRole
40apiVersion: rbac.authorization.k8s.io/v1
41metadata:
42 name: knative-serving-addressable-resolver
43 labels:
44 serving.knative.dev/release: "v0.18.0"
45 # Labeled to facilitate aggregated cluster roles that act on Addressables.
46 duck.knative.dev/addressable: "true"
47# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
48rules:
49- apiGroups:
50 - serving.knative.dev
51 resources:
52 - routes
53 - routes/status
54 - services
55 - services/status
56 verbs:
57 - get
58 - list
59 - watch
60
61---
62# Copyright 2019 The Knative Authors
63#
64# Licensed under the Apache License, Version 2.0 (the "License");
65# you may not use this file except in compliance with the License.
66# You may obtain a copy of the License at
67#
68# https://www.apache.org/licenses/LICENSE-2.0
69#
70# Unless required by applicable law or agreed to in writing, software
71# distributed under the License is distributed on an "AS IS" BASIS,
72# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
73# See the License for the specific language governing permissions and
74# limitations under the License.
75
76kind: ClusterRole
77apiVersion: rbac.authorization.k8s.io/v1
78metadata:
79 name: knative-serving-namespaced-admin
80 labels:
81 rbac.authorization.k8s.io/aggregate-to-admin: "true"
82 serving.knative.dev/release: "v0.18.0"
83rules:
84- apiGroups: ["serving.knative.dev"]
85 resources: ["*"]
86 verbs: ["*"]
87- apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev",
88 "caching.internal.knative.dev"]
89 resources: ["*"]
90 verbs: ["get", "list", "watch"]
91---
92kind: ClusterRole
93apiVersion: rbac.authorization.k8s.io/v1
94metadata:
95 name: knative-serving-namespaced-edit
96 labels:
97 rbac.authorization.k8s.io/aggregate-to-edit: "true"
98 serving.knative.dev/release: "v0.18.0"
99rules:
100- apiGroups: ["serving.knative.dev"]
101 resources: ["*"]
102 verbs: ["create", "update", "patch", "delete"]
103- apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev",
104 "caching.internal.knative.dev"]
105 resources: ["*"]
106 verbs: ["get", "list", "watch"]
107---
108kind: ClusterRole
109apiVersion: rbac.authorization.k8s.io/v1
110metadata:
111 name: knative-serving-namespaced-view
112 labels:
113 rbac.authorization.k8s.io/aggregate-to-view: "true"
114 serving.knative.dev/release: "v0.18.0"
115rules:
116- apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev",
117 "caching.internal.knative.dev"]
118 resources: ["*"]
119 verbs: ["get", "list", "watch"]
120
121---
122# Copyright 2019 The Knative Authors
123#
124# Licensed under the Apache License, Version 2.0 (the "License");
125# you may not use this file except in compliance with the License.
126# You may obtain a copy of the License at
127#
128# https://www.apache.org/licenses/LICENSE-2.0
129#
130# Unless required by applicable law or agreed to in writing, software
131# distributed under the License is distributed on an "AS IS" BASIS,
132# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
133# See the License for the specific language governing permissions and
134# limitations under the License.
135
136kind: ClusterRole
137apiVersion: rbac.authorization.k8s.io/v1
138metadata:
139 name: knative-serving-core
140 labels:
141 serving.knative.dev/release: "v0.18.0"
142 serving.knative.dev/controller: "true"
143rules:
144- apiGroups: [""]
145 resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services",
146 "events", "serviceaccounts"]
147 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
148- apiGroups: [""]
149 resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission
150 verbs: ["create"]
151- apiGroups: ["apps"]
152 resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook
153 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
154- apiGroups: ["admissionregistration.k8s.io"]
155 resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
156 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
157- apiGroups: ["apiextensions.k8s.io"]
158 resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
159 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
160- apiGroups: ["autoscaling"]
161 resources: ["horizontalpodautoscalers"]
162 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
163- apiGroups: ["coordination.k8s.io"]
164 resources: ["leases"]
165 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
166- apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"]
167 resources: ["*", "*/status", "*/finalizers"]
168 verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch",
169 "watch"]
170- apiGroups: ["caching.internal.knative.dev"]
171 resources: ["images"]
172 verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
173
174---
175# Copyright 2019 The Knative Authors
176#
177# Licensed under the Apache License, Version 2.0 (the "License");
178# you may not use this file except in compliance with the License.
179# You may obtain a copy of the License at
180#
181# https://www.apache.org/licenses/LICENSE-2.0
182#
183# Unless required by applicable law or agreed to in writing, software
184# distributed under the License is distributed on an "AS IS" BASIS,
185# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
186# See the License for the specific language governing permissions and
187# limitations under the License.
188
189kind: ClusterRole
190apiVersion: rbac.authorization.k8s.io/v1
191metadata:
192 name: knative-serving-podspecable-binding
193 labels:
194 serving.knative.dev/release: "v0.18.0"
195 # Labeled to facilitate aggregated cluster roles that act on PodSpecables.
196 duck.knative.dev/podspecable: "true"
197# Do not use this role directly. These rules will be added to the "podspecable-binder" role.
198rules:
199- apiGroups:
200 - serving.knative.dev
201 resources:
202 - configurations
203 - services
204 verbs:
205 - list
206 - watch
207 - patch
208
209---
210# Copyright 2018 The Knative Authors
211#
212# Licensed under the Apache License, Version 2.0 (the "License");
213# you may not use this file except in compliance with the License.
214# You may obtain a copy of the License at
215#
216# https://www.apache.org/licenses/LICENSE-2.0
217#
218# Unless required by applicable law or agreed to in writing, software
219# distributed under the License is distributed on an "AS IS" BASIS,
220# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
221# See the License for the specific language governing permissions and
222# limitations under the License.
223
224apiVersion: v1
225kind: ServiceAccount
226metadata:
227 name: controller
228 namespace: knative-serving
229 labels:
230 serving.knative.dev/release: "v0.18.0"
231---
232kind: ClusterRole
233apiVersion: rbac.authorization.k8s.io/v1
234metadata:
235 name: knative-serving-admin
236 labels:
237 serving.knative.dev/release: "v0.18.0"
238aggregationRule:
239 clusterRoleSelectors:
240 - matchLabels:
241 serving.knative.dev/controller: "true"
242rules: [] # Rules are automatically filled in by the controller manager.
243---
244apiVersion: rbac.authorization.k8s.io/v1
245kind: ClusterRoleBinding
246metadata:
247 name: knative-serving-controller-admin
248 labels:
249 serving.knative.dev/release: "v0.18.0"
250subjects:
251- kind: ServiceAccount
252 name: controller
253 namespace: knative-serving
254roleRef:
255 kind: ClusterRole
256 name: knative-serving-admin
257 apiGroup: rbac.authorization.k8s.io
258
259---
260# Copyright 2018 The Knative Authors
261#
262# Licensed under the Apache License, Version 2.0 (the "License");
263# you may not use this file except in compliance with the License.
264# You may obtain a copy of the License at
265#
266# https://www.apache.org/licenses/LICENSE-2.0
267#
268# Unless required by applicable law or agreed to in writing, software
269# distributed under the License is distributed on an "AS IS" BASIS,
270# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
271# See the License for the specific language governing permissions and
272# limitations under the License.
273
274apiVersion: apiextensions.k8s.io/v1
275kind: CustomResourceDefinition
276metadata:
277 name: images.caching.internal.knative.dev
278 labels:
279 knative.dev/crd-install: "true"
280spec:
281 group: caching.internal.knative.dev
282 names:
283 kind: Image
284 plural: images
285 singular: image
286 categories:
287 - knative-internal
288 - caching
289 shortNames:
290 - img
291 scope: Namespaced
292 versions:
293 - name: v1alpha1
294 served: true
295 storage: true
296 subresources:
297 status: {}
298 schema:
299 openAPIV3Schema:
300 type: object
301 # this is a work around so we don't need to flush out the
302 # schema for each version at this time
303 #
304 # see issue: https://github.com/knative/serving/issues/912
305 x-kubernetes-preserve-unknown-fields: true
306
307---
308# Copyright 2020 The Knative Authors
309#
310# Licensed under the Apache License, Version 2.0 (the "License");
311# you may not use this file except in compliance with the License.
312# You may obtain a copy of the License at
313#
314# https://www.apache.org/licenses/LICENSE-2.0
315#
316# Unless required by applicable law or agreed to in writing, software
317# distributed under the License is distributed on an "AS IS" BASIS,
318# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
319# See the License for the specific language governing permissions and
320# limitations under the License.
321
322apiVersion: apiextensions.k8s.io/v1
323kind: CustomResourceDefinition
324metadata:
325 name: certificates.networking.internal.knative.dev
326 labels:
327 serving.knative.dev/release: "v0.18.0"
328 knative.dev/crd-install: "true"
329spec:
330 group: networking.internal.knative.dev
331 versions:
332 - name: v1alpha1
333 served: true
334 storage: true
335 subresources:
336 status: {}
337 schema:
338 openAPIV3Schema:
339 type: object
340 # this is a work around so we don't need to flush out the
341 # schema for each version at this time
342 #
343 # see issue: https://github.com/knative/serving/issues/912
344 x-kubernetes-preserve-unknown-fields: true
345 additionalPrinterColumns:
346 - name: Ready
347 type: string
348 jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
349 - name: Reason
350 type: string
351 jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
352 names:
353 kind: Certificate
354 plural: certificates
355 singular: certificate
356 categories:
357 - knative-internal
358 - networking
359 shortNames:
360 - kcert
361 scope: Namespaced
362
363---
364# Copyright 2019 The Knative Authors
365#
366# Licensed under the Apache License, Version 2.0 (the "License");
367# you may not use this file except in compliance with the License.
368# You may obtain a copy of the License at
369#
370# https://www.apache.org/licenses/LICENSE-2.0
371#
372# Unless required by applicable law or agreed to in writing, software
373# distributed under the License is distributed on an "AS IS" BASIS,
374# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
375# See the License for the specific language governing permissions and
376# limitations under the License.
377
378apiVersion: apiextensions.k8s.io/v1
379kind: CustomResourceDefinition
380metadata:
381 name: configurations.serving.knative.dev
382 labels:
383 serving.knative.dev/release: "v0.18.0"
384 knative.dev/crd-install: "true"
385 duck.knative.dev/podspecable: "true"
386spec:
387 group: serving.knative.dev
388 versions:
389 - &version
390 name: v1alpha1
391 served: true
392 storage: false
393 subresources:
394 status: {}
395 schema:
396 openAPIV3Schema:
397 type: object
398 # this is a work around so we don't need to flush out the
399 # schema for each version at this time
400 #
401 # see issue: https://github.com/knative/serving/issues/912
402 x-kubernetes-preserve-unknown-fields: true
403 additionalPrinterColumns:
404 - name: LatestCreated
405 type: string
406 jsonPath: .status.latestCreatedRevisionName
407 - name: LatestReady
408 type: string
409 jsonPath: .status.latestReadyRevisionName
410 - name: Ready
411 type: string
412 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
413 - name: Reason
414 type: string
415 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
416 - !!merge <<: *version
417 name: v1beta1
418 - !!merge <<: *version
419 name: v1
420 storage: true
421 names:
422 kind: Configuration
423 plural: configurations
424 singular: configuration
425 categories:
426 - all
427 - knative
428 - serving
429 shortNames:
430 - config
431 - cfg
432 scope: Namespaced
433 conversion:
434 strategy: Webhook
435 webhook:
436 conversionReviewVersions: ["v1", "v1beta1"]
437 clientConfig:
438 service:
439 name: webhook
440 namespace: knative-serving
441
442---
443# Copyright 2020 The Knative Authors
444#
445# Licensed under the Apache License, Version 2.0 (the "License");
446# you may not use this file except in compliance with the License.
447# You may obtain a copy of the License at
448#
449# https://www.apache.org/licenses/LICENSE-2.0
450#
451# Unless required by applicable law or agreed to in writing, software
452# distributed under the License is distributed on an "AS IS" BASIS,
453# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
454# See the License for the specific language governing permissions and
455# limitations under the License.
456
457apiVersion: apiextensions.k8s.io/v1
458kind: CustomResourceDefinition
459metadata:
460 name: ingresses.networking.internal.knative.dev
461 labels:
462 serving.knative.dev/release: "v0.18.0"
463 knative.dev/crd-install: "true"
464spec:
465 group: networking.internal.knative.dev
466 versions:
467 - name: v1alpha1
468 served: true
469 storage: true
470 subresources:
471 status: {}
472 schema:
473 openAPIV3Schema:
474 type: object
475 # this is a work around so we don't need to flush out the
476 # schema for each version at this time
477 #
478 # see issue: https://github.com/knative/serving/issues/912
479 x-kubernetes-preserve-unknown-fields: true
480 additionalPrinterColumns:
481 - name: Ready
482 type: string
483 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
484 - name: Reason
485 type: string
486 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
487 names:
488 kind: Ingress
489 plural: ingresses
490 singular: ingress
491 categories:
492 - knative-internal
493 - networking
494 shortNames:
495 - kingress
496 - king
497 scope: Namespaced
498
499---
500# Copyright 2019 The Knative Authors
501#
502# Licensed under the Apache License, Version 2.0 (the "License");
503# you may not use this file except in compliance with the License.
504# You may obtain a copy of the License at
505#
506# https://www.apache.org/licenses/LICENSE-2.0
507#
508# Unless required by applicable law or agreed to in writing, software
509# distributed under the License is distributed on an "AS IS" BASIS,
510# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
511# See the License for the specific language governing permissions and
512# limitations under the License.
513
514apiVersion: apiextensions.k8s.io/v1
515kind: CustomResourceDefinition
516metadata:
517 name: metrics.autoscaling.internal.knative.dev
518 labels:
519 serving.knative.dev/release: "v0.18.0"
520 knative.dev/crd-install: "true"
521spec:
522 group: autoscaling.internal.knative.dev
523 versions:
524 - name: v1alpha1
525 served: true
526 storage: true
527 subresources:
528 status: {}
529 schema:
530 openAPIV3Schema:
531 type: object
532 # this is a work around so we don't need to flush out the
533 # schema for each version at this time
534 #
535 # see issue: https://github.com/knative/serving/issues/912
536 x-kubernetes-preserve-unknown-fields: true
537 additionalPrinterColumns:
538 - name: Ready
539 type: string
540 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
541 - name: Reason
542 type: string
543 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
544 names:
545 kind: Metric
546 plural: metrics
547 singular: metric
548 categories:
549 - knative-internal
550 - autoscaling
551 scope: Namespaced
552
553---
554# Copyright 2018 The Knative Authors
555#
556# Licensed under the Apache License, Version 2.0 (the "License");
557# you may not use this file except in compliance with the License.
558# You may obtain a copy of the License at
559#
560# https://www.apache.org/licenses/LICENSE-2.0
561#
562# Unless required by applicable law or agreed to in writing, software
563# distributed under the License is distributed on an "AS IS" BASIS,
564# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
565# See the License for the specific language governing permissions and
566# limitations under the License.
567
568apiVersion: apiextensions.k8s.io/v1
569kind: CustomResourceDefinition
570metadata:
571 name: podautoscalers.autoscaling.internal.knative.dev
572 labels:
573 serving.knative.dev/release: "v0.18.0"
574 knative.dev/crd-install: "true"
575spec:
576 group: autoscaling.internal.knative.dev
577 versions:
578 - name: v1alpha1
579 served: true
580 storage: true
581 subresources:
582 status: {}
583 schema:
584 openAPIV3Schema:
585 type: object
586 # this is a work around so we don't need to flush out the
587 # schema for each version at this time
588 #
589 # see issue: https://github.com/knative/serving/issues/912
590 x-kubernetes-preserve-unknown-fields: true
591 additionalPrinterColumns:
592 - name: DesiredScale
593 type: integer
594 jsonPath: ".status.desiredScale"
595 - name: ActualScale
596 type: integer
597 jsonPath: ".status.actualScale"
598 - name: Ready
599 type: string
600 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
601 - name: Reason
602 type: string
603 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
604 names:
605 kind: PodAutoscaler
606 plural: podautoscalers
607 singular: podautoscaler
608 categories:
609 - knative-internal
610 - autoscaling
611 shortNames:
612 - kpa
613 - pa
614 scope: Namespaced
615
616---
617# Copyright 2019 The Knative Authors
618#
619# Licensed under the Apache License, Version 2.0 (the "License");
620# you may not use this file except in compliance with the License.
621# You may obtain a copy of the License at
622#
623# https://www.apache.org/licenses/LICENSE-2.0
624#
625# Unless required by applicable law or agreed to in writing, software
626# distributed under the License is distributed on an "AS IS" BASIS,
627# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
628# See the License for the specific language governing permissions and
629# limitations under the License.
630
631apiVersion: apiextensions.k8s.io/v1
632kind: CustomResourceDefinition
633metadata:
634 name: revisions.serving.knative.dev
635 labels:
636 serving.knative.dev/release: "v0.18.0"
637 knative.dev/crd-install: "true"
638spec:
639 group: serving.knative.dev
640 versions:
641 - &version
642 name: v1alpha1
643 served: true
644 storage: false
645 subresources:
646 status: {}
647 schema:
648 openAPIV3Schema:
649 type: object
650 # this is a work around so we don't need to flush out the
651 # schema for each version at this time
652 #
653 # see issue: https://github.com/knative/serving/issues/912
654 x-kubernetes-preserve-unknown-fields: true
655 additionalPrinterColumns:
656 - name: Config Name
657 type: string
658 jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
659 - name: K8s Service Name
660 type: string
661 jsonPath: ".status.serviceName"
662 - name: Generation
663 type: string # int in string form :(
664 jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
665 - name: Ready
666 type: string
667 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
668 - name: Reason
669 type: string
670 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
671 - !!merge <<: *version
672 name: v1beta1
673 - !!merge <<: *version
674 name: v1
675 storage: true
676 names:
677 kind: Revision
678 plural: revisions
679 singular: revision
680 categories:
681 - all
682 - knative
683 - serving
684 shortNames:
685 - rev
686 scope: Namespaced
687 conversion:
688 strategy: Webhook
689 webhook:
690 conversionReviewVersions: ["v1", "v1beta1"]
691 clientConfig:
692 service:
693 name: webhook
694 namespace: knative-serving
695
696---
697# Copyright 2019 The Knative Authors
698#
699# Licensed under the Apache License, Version 2.0 (the "License");
700# you may not use this file except in compliance with the License.
701# You may obtain a copy of the License at
702#
703# https://www.apache.org/licenses/LICENSE-2.0
704#
705# Unless required by applicable law or agreed to in writing, software
706# distributed under the License is distributed on an "AS IS" BASIS,
707# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
708# See the License for the specific language governing permissions and
709# limitations under the License.
710
711apiVersion: apiextensions.k8s.io/v1
712kind: CustomResourceDefinition
713metadata:
714 name: routes.serving.knative.dev
715 labels:
716 serving.knative.dev/release: "v0.18.0"
717 knative.dev/crd-install: "true"
718 duck.knative.dev/addressable: "true"
719spec:
720 group: serving.knative.dev
721 versions:
722 - &version
723 name: v1alpha1
724 served: true
725 storage: false
726 subresources:
727 status: {}
728 schema:
729 openAPIV3Schema:
730 type: object
731 # this is a work around so we don't need to flush out the
732 # schema for each version at this time
733 #
734 # see issue: https://github.com/knative/serving/issues/912
735 x-kubernetes-preserve-unknown-fields: true
736 additionalPrinterColumns:
737 - name: URL
738 type: string
739 jsonPath: .status.url
740 - name: Ready
741 type: string
742 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
743 - name: Reason
744 type: string
745 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
746 - !!merge <<: *version
747 name: v1beta1
748 - !!merge <<: *version
749 name: v1
750 storage: true
751 names:
752 kind: Route
753 plural: routes
754 singular: route
755 categories:
756 - all
757 - knative
758 - serving
759 shortNames:
760 - rt
761 scope: Namespaced
762 conversion:
763 strategy: Webhook
764 webhook:
765 conversionReviewVersions: ["v1", "v1beta1"]
766 clientConfig:
767 service:
768 name: webhook
769 namespace: knative-serving
770
771---
772# Copyright 2019 The Knative Authors
773#
774# Licensed under the Apache License, Version 2.0 (the "License");
775# you may not use this file except in compliance with the License.
776# You may obtain a copy of the License at
777#
778# https://www.apache.org/licenses/LICENSE-2.0
779#
780# Unless required by applicable law or agreed to in writing, software
781# distributed under the License is distributed on an "AS IS" BASIS,
782# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
783# See the License for the specific language governing permissions and
784# limitations under the License.
785
786apiVersion: apiextensions.k8s.io/v1
787kind: CustomResourceDefinition
788metadata:
789 name: serverlessservices.networking.internal.knative.dev
790 labels:
791 serving.knative.dev/release: "v0.18.0"
792 knative.dev/crd-install: "true"
793spec:
794 group: networking.internal.knative.dev
795 versions:
796 - name: v1alpha1
797 served: true
798 storage: true
799 subresources:
800 status: {}
801 schema:
802 openAPIV3Schema:
803 type: object
804 # this is a work around so we don't need to flush out the
805 # schema for each version at this time
806 #
807 # see issue: https://github.com/knative/serving/issues/912
808 x-kubernetes-preserve-unknown-fields: true
809 additionalPrinterColumns:
810 - name: Mode
811 type: string
812 jsonPath: ".spec.mode"
813 - name: Activators
814 type: integer
815 jsonPath: ".spec.numActivators"
816 - name: ServiceName
817 type: string
818 jsonPath: ".status.serviceName"
819 - name: PrivateServiceName
820 type: string
821 jsonPath: ".status.privateServiceName"
822 - name: Ready
823 type: string
824 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
825 - name: Reason
826 type: string
827 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
828 names:
829 kind: ServerlessService
830 plural: serverlessservices
831 singular: serverlessservice
832 categories:
833 - knative-internal
834 - networking
835 shortNames:
836 - sks
837 scope: Namespaced
838
839---
840# Copyright 2019 The Knative Authors
841#
842# Licensed under the Apache License, Version 2.0 (the "License");
843# you may not use this file except in compliance with the License.
844# You may obtain a copy of the License at
845#
846# https://www.apache.org/licenses/LICENSE-2.0
847#
848# Unless required by applicable law or agreed to in writing, software
849# distributed under the License is distributed on an "AS IS" BASIS,
850# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
851# See the License for the specific language governing permissions and
852# limitations under the License.
853
854apiVersion: apiextensions.k8s.io/v1
855kind: CustomResourceDefinition
856metadata:
857 name: services.serving.knative.dev
858 labels:
859 serving.knative.dev/release: "v0.18.0"
860 knative.dev/crd-install: "true"
861 duck.knative.dev/addressable: "true"
862 duck.knative.dev/podspecable: "true"
863spec:
864 group: serving.knative.dev
865 versions:
866 - &version
867 name: v1alpha1
868 served: true
869 storage: false
870 subresources:
871 status: {}
872 schema:
873 openAPIV3Schema:
874 type: object
875 # this is a work around so we don't need to flush out the
876 # schema for each version at this time
877 #
878 # see issue: https://github.com/knative/serving/issues/912
879 x-kubernetes-preserve-unknown-fields: true
880 additionalPrinterColumns:
881 - name: URL
882 type: string
883 jsonPath: .status.url
884 - name: LatestCreated
885 type: string
886 jsonPath: .status.latestCreatedRevisionName
887 - name: LatestReady
888 type: string
889 jsonPath: .status.latestReadyRevisionName
890 - name: Ready
891 type: string
892 jsonPath: ".status.conditions[?(@.type=='Ready')].status"
893 - name: Reason
894 type: string
895 jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
896 - !!merge <<: *version
897 name: v1beta1
898 - !!merge <<: *version
899 name: v1
900 storage: true
901 names:
902 kind: Service
903 plural: services
904 singular: service
905 categories:
906 - all
907 - knative
908 - serving
909 shortNames:
910 - kservice
911 - ksvc
912 scope: Namespaced
913 conversion:
914 strategy: Webhook
915 webhook:
916 conversionReviewVersions: ["v1", "v1beta1"]
917 clientConfig:
918 service:
919 name: webhook
920 namespace: knative-serving
921
922---
923# Copyright 2018 The Knative Authors
924#
925# Licensed under the Apache License, Version 2.0 (the "License");
926# you may not use this file except in compliance with the License.
927# You may obtain a copy of the License at
928#
929# https://www.apache.org/licenses/LICENSE-2.0
930#
931# Unless required by applicable law or agreed to in writing, software
932# distributed under the License is distributed on an "AS IS" BASIS,
933# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
934# See the License for the specific language governing permissions and
935# limitations under the License.
936
937apiVersion: caching.internal.knative.dev/v1alpha1
938kind: Image
939metadata:
940 name: queue-proxy
941 namespace: knative-serving
942 labels:
943 serving.knative.dev/release: "v0.18.0"
944spec:
945 # This is the Go import path for the binary that is containerized
946 # and substituted here.
947 image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0db974f58b48b219ab8047e11b481c2bbda52b7a2d54db5ed58e8659748ec125
948
949---
950# Copyright 2018 The Knative Authors
951#
952# Licensed under the Apache License, Version 2.0 (the "License");
953# you may not use this file except in compliance with the License.
954# You may obtain a copy of the License at
955#
956# https://www.apache.org/licenses/LICENSE-2.0
957#
958# Unless required by applicable law or agreed to in writing, software
959# distributed under the License is distributed on an "AS IS" BASIS,
960# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
961# See the License for the specific language governing permissions and
962# limitations under the License.
963
964apiVersion: v1
965kind: ConfigMap
966metadata:
967 name: config-autoscaler
968 namespace: knative-serving
969 labels:
970 serving.knative.dev/release: "v0.18.0"
971 annotations:
972 knative.dev/example-checksum: "7b6520ae"
973data:
974 _example: |
975 ################################
976 # #
977 # EXAMPLE CONFIGURATION #
978 # #
979 ################################
980
981 # This block is not actually functional configuration,
982 # but serves to illustrate the available configuration
983 # options and document them in a way that is accessible
984 # to users that `kubectl edit` this config map.
985 #
986 # These sample configuration options may be copied out of
987 # this example block and unindented to be in the data block
988 # to actually change the configuration.
989
990 # The Revision ContainerConcurrency field specifies the maximum number
991 # of requests the Container can handle at once. Container concurrency
992 # target percentage is how much of that maximum to use in a stable
993 # state. E.g. if a Revision specifies ContainerConcurrency of 10, then
994 # the Autoscaler will try to maintain 7 concurrent connections per pod
995 # on average.
996 # Note: this limit will be applied to container concurrency set at every
997 # level (ConfigMap, Revision Spec or Annotation).
998 # For legacy and backwards compatibility reasons, this value also accepts
999 # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%).
1000 # Thus minimal percentage value must be greater than 1.0, or it will be
1001 # treated as a fraction.
1002 # NOTE: that this value does not affect actual number of concurrent requests
1003 # the user container may receive, but only the average number of requests
1004 # that the revision pods will receive.
1005 container-concurrency-target-percentage: "70"
1006
1007 # The container concurrency target default is what the Autoscaler will
1008 # try to maintain when concurrency is used as the scaling metric for the
1009 # Revision and the Revision specifies unlimited concurrency.
1010 # When revision explicitly specifies container concurrency, that value
1011 # will be used as a scaling target for autoscaler.
1012 # When specifying unlimited concurrency, the autoscaler will
1013 # horizontally scale the application based on this target concurrency.
1014 # This is what we call "soft limit" in the documentation, i.e. it only
1015 # affects number of pods and does not affect the number of requests
1016 # individual pod processes.
1017 # The value must be a positive number such that the value multiplied
1018 # by container-concurrency-target-percentage is greater than 0.01.
1019 # NOTE: that this value will be adjusted by application of
1020 # container-concurrency-target-percentage, i.e. by default
1021 # the system will target on average 70 concurrent requests
1022 # per revision pod.
1023 # NOTE: Only one metric can be used for autoscaling a Revision.
1024 container-concurrency-target-default: "100"
1025
1026 # The requests per second (RPS) target default is what the Autoscaler will
1027 # try to maintain when RPS is used as the scaling metric for a Revision and
1028 # the Revision specifies unlimited RPS. Even when specifying unlimited RPS,
1029 # the autoscaler will horizontally scale the application based on this
1030 # target RPS.
1031 # Must be greater than 1.0.
1032 # NOTE: Only one metric can be used for autoscaling a Revision.
1033 requests-per-second-target-default: "200"
1034
1035 # The target burst capacity specifies the size of burst in concurrent
1036 # requests that the system operator expects the system will receive.
1037 # Autoscaler will try to protect the system from queueing by introducing
1038 # Activator in the request path if the current spare capacity of the
1039 # service is less than this setting.
1040 # If this setting is 0, then Activator will be in the request path only
1041 # when the revision is scaled to 0.
1042 # If this setting is > 0 and container-concurrency-target-percentage is
1043 # 100% or 1.0, then activator will always be in the request path.
1044 # -1 denotes unlimited target-burst-capacity and activator will always
1045 # be in the request path.
1046 # Other negative values are invalid.
1047 target-burst-capacity: "200"
1048
1049 # When operating in a stable mode, the autoscaler operates on the
1050 # average concurrency over the stable window.
1051 # Stable window must be in whole seconds.
1052 stable-window: "60s"
1053
1054 # When observed average concurrency during the panic window reaches
1055 # panic-threshold-percentage the target concurrency, the autoscaler
1056 # enters panic mode. When operating in panic mode, the autoscaler
1057 # scales on the average concurrency over the panic window which is
1058 # panic-window-percentage of the stable-window.
1059 # Must be in the [1, 100] range.
1060 # When computing the panic window it will be rounded to the closest
1061 # whole second, at least 1s.
1062 panic-window-percentage: "10.0"
1063
1064 # The percentage of the container concurrency target at which to
1065 # enter panic mode when reached within the panic window.
1066 panic-threshold-percentage: "200.0"
1067
1068 # Max scale up rate limits the rate at which the autoscaler will
1069 # increase pod count. It is the maximum ratio of desired pods versus
1070 # observed pods.
1071 # Cannot be less or equal to 1.
1072 # I.e with value of 2.0 the number of pods can at most go N to 2N
1073 # over single Autoscaler period (2s), but at least N to
1074 # N+1, if Autoscaler needs to scale up.
1075 max-scale-up-rate: "1000.0"
1076
1077 # Max scale down rate limits the rate at which the autoscaler will
1078 # decrease pod count. It is the maximum ratio of observed pods versus
1079 # desired pods.
1080 # Cannot be less or equal to 1.
1081 # I.e. with value of 2.0 the number of pods can at most go N to N/2
1082 # over single Autoscaler evaluation period (2s), but at
1083 # least N to N-1, if Autoscaler needs to scale down.
1084 max-scale-down-rate: "2.0"
1085
1086 # Scale to zero feature flag.
1087 enable-scale-to-zero: "true"
1088
1089 # Scale to zero grace period is the time an inactive revision is left
1090 # running before it is scaled to zero (min: 6s).
1091 # This is the upper limit and is provided not to enforce timeout after
1092 # the revision stopped receiving requests for stable window, but to
1093 # ensure network reprogramming to put activator in the path has completed.
1094 # If the system determines that a shorter period is satisfactory,
1095 # then the system will only wait that amount of time before scaling to 0.
1096 # NOTE: this period might actually be 0, if activator has been
1097 # in the request path sufficiently long.
1098 # If there is necessity for the last pod to linger longer use
1099 # scale-to-zero-pod-retention-period flag.
1100 scale-to-zero-grace-period: "30s"
1101
1102 # Scale to zero pod retention period defines the minimum amount
1103 # of time the last pod will remain after Autoscaler has decided to
1104 # scale to zero.
1105 # This flag is for the situations where the pod starup is very expensive
1106 # and the traffic is bursty (requiring smaller windows for fast action),
1107 # but patchy.
1108 # The larger of this flag and `scale-to-zero-grace-period` will effectively
1109 # detemine how the last pod will hang around.
1110 scale-to-zero-pod-retention-period: "0s"
1111
1112 # pod-autoscaler-class specifies the default pod autoscaler class
1113 # that should be used if none is specified. If omitted, the Knative
1114 # Horizontal Pod Autoscaler (KPA) is used by default.
1115 pod-autoscaler-class: "kpa.autoscaling.knative.dev"
1116
1117 # The capacity of a single activator task.
1118 # The `unit` is one concurrent request proxied by the activator.
1119 # activator-capacity must be at least 1.
1120 # This value is used for computation of the Activator subset size.
1121 # See the algorithm here: http://bit.ly/38XiCZ3.
1122 # TODO(vagababov): tune after actual benchmarking.
1123 activator-capacity: "100.0"
1124
1125 # initial-scale is the cluster-wide default value for the initial target
1126 # scale of a revision after creation, unless overridden by the
1127 # "autoscaling.knative.dev/initialScale" annotation.
1128 # This value must be greater than 0 unless allow-zero-initial-scale is true.
1129 initial-scale: "1"
1130
1131 # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag,
1132 # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0.
1133 allow-zero-initial-scale: "false"
1134
1135 # max-scale is the cluster-wide default value for the max scale of a revision,
1136 # unless overridden by the "autoscaling.knative.dev/maxScale" annotation.
1137 # If set to 0, the revision has no maximum scale.
1138 max-scale: "0"
1139
1140---
1141# Copyright 2019 The Knative Authors
1142#
1143# Licensed under the Apache License, Version 2.0 (the "License");
1144# you may not use this file except in compliance with the License.
1145# You may obtain a copy of the License at
1146#
1147# https://www.apache.org/licenses/LICENSE-2.0
1148#
1149# Unless required by applicable law or agreed to in writing, software
1150# distributed under the License is distributed on an "AS IS" BASIS,
1151# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1152# See the License for the specific language governing permissions and
1153# limitations under the License.
1154
1155apiVersion: v1
1156kind: ConfigMap
1157metadata:
1158 name: config-defaults
1159 namespace: knative-serving
1160 labels:
1161 serving.knative.dev/release: "v0.18.0"
1162 annotations:
1163 knative.dev/example-checksum: "d19e4f27"
1164data:
1165 _example: |
1166 ################################
1167 # #
1168 # EXAMPLE CONFIGURATION #
1169 # #
1170 ################################
1171
1172 # This block is not actually functional configuration,
1173 # but serves to illustrate the available configuration
1174 # options and document them in a way that is accessible
1175 # to users that `kubectl edit` this config map.
1176 #
1177 # These sample configuration options may be copied out of
1178 # this example block and unindented to be in the data block
1179 # to actually change the configuration.
1180
1181 # revision-timeout-seconds contains the default number of
1182 # seconds to use for the revision's per-request timeout, if
1183 # none is specified.
1184 revision-timeout-seconds: "300" # 5 minutes
1185
1186 # max-revision-timeout-seconds contains the maximum number of
1187 # seconds that can be used for revision-timeout-seconds.
1188 # This value must be greater than or equal to revision-timeout-seconds.
1189 # If omitted, the system default is used (600 seconds).
1190 #
1191 # If this value is increased, the activator's terminationGraceTimeSeconds
1192 # should also be increased to prevent in-flight requests being disrupted.
1193 max-revision-timeout-seconds: "600" # 10 minutes
1194
1195 # revision-cpu-request contains the cpu allocation to assign
1196 # to revisions by default. If omitted, no value is specified
1197 # and the system default is used.
1198 # Below is an example of setting revision-cpu-request.
1199 # By default, it is not set by Knative.
1200 revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU)
1201
1202 # revision-memory-request contains the memory allocation to assign
1203 # to revisions by default. If omitted, no value is specified
1204 # and the system default is used.
1205 # Below is an example of setting revision-memory-request.
1206 # By default, it is not set by Knative.
1207 revision-memory-request: "100M" # 100 megabytes of memory
1208
1209 # revision-ephemeral-storage-request contains the ephemeral storage
1210 # allocation to assign to revisions by default. If omitted, no value is
1211 # specified and the system default is used.
1212 revision-ephemeral-storage-request: "500M" # 500 megabytes of storage
1213
1214 # revision-cpu-limit contains the cpu allocation to limit
1215 # revisions to by default. If omitted, no value is specified
1216 # and the system default is used.
1217 # Below is an example of setting revision-cpu-limit.
1218 # By default, it is not set by Knative.
1219 revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU)
1220
1221 # revision-memory-limit contains the memory allocation to limit
1222 # revisions to by default. If omitted, no value is specified
1223 # and the system default is used.
1224 # Below is an example of setting revision-memory-limit.
1225 # By default, it is not set by Knative.
1226 revision-memory-limit: "200M" # 200 megabytes of memory
1227
1228 # revision-ephemeral-storage-limit contains the ephemeral storage
1229 # allocation to limit revisions to by default. If omitted, no value is
1230 # specified and the system default is used.
1231 revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage
1232
1233 # container-name-template contains a template for the default
1234 # container name, if none is specified. This field supports
1235 # Go templating and is supplied with the ObjectMeta of the
1236 # enclosing Service or Configuration, so values such as
1237 # {{.Name}} are also valid.
1238 container-name-template: "user-container"
1239
1240 # container-concurrency specifies the maximum number
1241 # of requests the Container can handle at once, and requests
1242 # above this threshold are queued. Setting a value of zero
1243 # disables this throttling and lets through as many requests as
1244 # the pod receives.
1245 container-concurrency: "0"
1246
1247 # The container concurrency max limit is an operator setting ensuring that
1248 # the individual revisions cannot have arbitrary large concurrency
1249 # values, or autoscaling targets. `container-concurrency` default setting
1250 # must be at or below this value.
1251 #
1252 # Must be greater than 1.
1253 #
1254 # Note: even with this set, a user can choose a containerConcurrency
1255 # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is
1256 # set to "false".
1257 container-concurrency-max-limit: "1000"
1258
1259 # allow-container-concurrency-zero controls whether users can
1260 # specify 0 (i.e. unbounded) for containerConcurrency.
1261 allow-container-concurrency-zero: "true"
1262
1263 # enable-service-links specifies the default value used for the
1264 # enableServiceLinks field of the PodSpec, when it is omitted by the user.
1265 # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
1266 #
1267 # In environments with large number of services it is suggested
1268 # to set this value to `false`.
1269 # See https://github.com/knative/serving/issues/8498.
1270 enable-service-links: "default"
1271
1272---
1273# Copyright 2019 The Knative Authors
1274#
1275# Licensed under the Apache License, Version 2.0 (the "License");
1276# you may not use this file except in compliance with the License.
1277# You may obtain a copy of the License at
1278#
1279# https://www.apache.org/licenses/LICENSE-2.0
1280#
1281# Unless required by applicable law or agreed to in writing, software
1282# distributed under the License is distributed on an "AS IS" BASIS,
1283# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1284# See the License for the specific language governing permissions and
1285# limitations under the License.
1286
1287apiVersion: v1
1288kind: ConfigMap
1289metadata:
1290 name: config-deployment
1291 namespace: knative-serving
1292 labels:
1293 serving.knative.dev/release: "v0.18.0"
1294 annotations:
1295 knative.dev/example-checksum: "52900e59"
1296data:
1297 # This is the Go import path for the binary that is containerized
1298 # and substituted here.
1299 queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0db974f58b48b219ab8047e11b481c2bbda52b7a2d54db5ed58e8659748ec125
1300 _example: |
1301 ################################
1302 # #
1303 # EXAMPLE CONFIGURATION #
1304 # #
1305 ################################
1306
1307 # This block is not actually functional configuration,
1308 # but serves to illustrate the available configuration
1309 # options and document them in a way that is accessible
1310 # to users that `kubectl edit` this config map.
1311 #
1312 # These sample configuration options may be copied out of
1313 # this example block and unindented to be in the data block
1314 # to actually change the configuration.
1315
1316 # List of repositories for which tag to digest resolving should be skipped
1317 registriesSkippingTagResolving: "kind.local,ko.local,dev.local"
1318
1319 # digestResolutionTimeout is the maximum time allowed for an image's
1320 # digests to be resolved.
1321 digestResolutionTimeout: "10s"
1322
1323 # ProgressDeadline is the duration we wait for the deployment to
1324 # be ready before considering it failed.
1325 progressDeadline: "120s"
1326
1327 # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container.
1328 # If omitted, a default value (currently "25m"), is used.
1329 queueSidecarCPURequest: "25m"
1330
1331 # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container.
1332 # If omitted, no value is specified and the system default is used.
1333 queueSidecarCPULimit: "1000m"
1334
1335 # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container.
1336 # If omitted, no value is specified and the system default is used.
1337 queueSidecarMemoryRequest: "400Mi"
1338
1339 # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container.
1340 # If omitted, no value is specified and the system default is used.
1341 queueSidecarMemoryLimit: "800Mi"
1342
1343 # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to
1344 # set for the queue proxy sidecar container.
1345 # If omitted, no value is specified and the system default is used.
1346 queueSidecarEphemeralStorageRequest: "512Mi"
1347
1348 # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set
1349 # for the queue proxy sidecar container.
1350 # If omitted, no value is specified and the system default is used.
1351 queueSidecarEphemeralStorageLimit: "1024Mi"
1352
1353---
1354# Copyright 2018 The Knative Authors
1355#
1356# Licensed under the Apache License, Version 2.0 (the "License");
1357# you may not use this file except in compliance with the License.
1358# You may obtain a copy of the License at
1359#
1360# https://www.apache.org/licenses/LICENSE-2.0
1361#
1362# Unless required by applicable law or agreed to in writing, software
1363# distributed under the License is distributed on an "AS IS" BASIS,
1364# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1365# See the License for the specific language governing permissions and
1366# limitations under the License.
1367
1368apiVersion: v1
1369kind: ConfigMap
1370metadata:
1371 name: config-domain
1372 namespace: knative-serving
1373 labels:
1374 serving.knative.dev/release: "v0.18.0"
1375 annotations:
1376 knative.dev/example-checksum: "f8e5beb4"
1377data:
1378 _example: |
1379 ################################
1380 # #
1381 # EXAMPLE CONFIGURATION #
1382 # #
1383 ################################
1384
1385 # This block is not actually functional configuration,
1386 # but serves to illustrate the available configuration
1387 # options and document them in a way that is accessible
1388 # to users that `kubectl edit` this config map.
1389 #
1390 # These sample configuration options may be copied out of
1391 # this example block and unindented to be in the data block
1392 # to actually change the configuration.
1393
1394 # Default value for domain.
1395 # Although it will match all routes, it is the least-specific rule so it
1396 # will only be used if no other domain matches.
1397 example.com: |
1398
1399 # These are example settings of domain.
1400 # example.org will be used for routes having app=nonprofit.
1401 example.org: |
1402 selector:
1403 app: nonprofit
1404
1405 # Routes having domain suffix of 'svc.cluster.local' will not be exposed
1406 # through Ingress. You can define your own label selector to assign that
1407 # domain suffix to your Route here, or you can set the label
1408 # "serving.knative.dev/visibility=cluster-local"
1409 # to achieve the same effect. This shows how to make routes having
1410 # the label app=secret only exposed to the local cluster.
1411 svc.cluster.local: |
1412 selector:
1413 app: secret
1414
1415---
1416# Copyright 2020 The Knative Authors
1417#
1418# Licensed under the Apache License, Version 2.0 (the "License");
1419# you may not use this file except in compliance with the License.
1420# You may obtain a copy of the License at
1421#
1422# https://www.apache.org/licenses/LICENSE-2.0
1423#
1424# Unless required by applicable law or agreed to in writing, software
1425# distributed under the License is distributed on an "AS IS" BASIS,
1426# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1427# See the License for the specific language governing permissions and
1428# limitations under the License.
1429
1430apiVersion: v1
1431kind: ConfigMap
1432metadata:
1433 name: config-features
1434 namespace: knative-serving
1435 labels:
1436 serving.knative.dev/release: "v0.18.0"
1437 annotations:
1438 knative.dev/example-checksum: "6a69cdef"
1439data:
1440 _example: |
1441 ################################
1442 # #
1443 # EXAMPLE CONFIGURATION #
1444 # #
1445 ################################
1446
1447 # This block is not actually functional configuration,
1448 # but serves to illustrate the available configuration
1449 # options and document them in a way that is accessible
1450 # to users that `kubectl edit` this config map.
1451 #
1452 # These sample configuration options may be copied out of
1453 # this example block and unindented to be in the data block
1454 # to actually change the configuration.
1455
1456 # Indicates whether multi container support is enabled
1457 #
1458 # WARNING: Cannot safely be disabled once enabled.
1459 multi-container: "enabled"
1460
1461 # Indicates whether Kubernetes affinity support is enabled
1462 #
1463 # WARNING: Cannot safely be disabled once enabled.
1464 kubernetes.podspec-affinity: "disabled"
1465
1466 # Indicates whether Kubernetes nodeSelector support is enabled
1467 #
1468 # WARNING: Cannot safely be disabled once enabled.
1469 kubernetes.podspec-nodeselector: "disabled"
1470
1471 # Indicates whether Kubernetes tolerations support is enabled
1472 #
1473 # WARNING: Cannot safely be disabled once enabled
1474 kubernetes.podspec-tolerations: "disabled"
1475
1476 # Indicates whether Kubernetes FieldRef support is enabled
1477 #
1478 # WARNING: Cannot safely be disabled once enabled.
1479 kubernetes.podspec-fieldref: "disabled"
1480
1481 # Indicates whether Kubernetes RuntimeClassName support is enabled
1482 #
1483 # WARNING: Cannot safely be disabled once enabled.
1484 kubernetes.podspec-runtimeclassname: "disabled"
1485
1486 # This feature allows end-users to set a subset of fields on the Pod's SecurityContext
1487 # in addition to expanding the allowable fields within a Container's SecurityContext.
1488 #
1489 # When set to "enabled" or "allowed" it allows the following
1490 # PodSecurityContext properties:
1491 # - FSGroup
1492 # - RunAsGroup
1493 # - RunAsNonRoot
1494 # - SupplementalGroups
1495 # - RunAsUser
1496 #
1497 # When set to "enabled" or "allowed" it allows the following
1498 # Container SecurityContext properties:
1499 # - RunAsNonRoot
1500 # - RunAsGroup
1501 # - RunAsUser (already allowed without this flag)
1502 #
1503 # This feature flag should be used with caution as the PodSecurityContext
1504 # properties may have a side-effect on non-user sidecar containers that come
1505 # from Knative or your service mesh
1506 #
1507 # WARNING: Cannot safely be disabled once enabled.
1508 kubernetes.podspec-securitycontext: "disabled"
1509
1510 # This feature validates PodSpecs from the validating webhook
1511 # against the K8s API Server.
1512 #
1513 # When "enabled", the server will always run the extra validation.
1514 # When "allowed", the server will not run the dry-run validation by default.
1515 # However, clients may enable the behavior on an individual Service by
1516 # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled".
1517 kubernetes.podspec-dryrun: "allowed"
1518
1519 # Indicates whether new responsive garbage collection is enabled. This
1520 # feature labels revisions in real-time as they become referenced and
1521 # dereferenced by Routes. This allows us to reap revisions shortly after
1522 # they are no longer active.
1523 responsive-revision-gc: "allowed"
1524
1525 # Controls whether tag header based routing feature are enabled or not.
1526 # 1. Enabled: enabling tag header based routing
1527 # 2. Disabled: disabling tag header based routing
1528 tag-header-based-routing: "disabled"
1529
1530---
1531# Copyright 2018 The Knative Authors
1532#
1533# Licensed under the Apache License, Version 2.0 (the "License");
1534# you may not use this file except in compliance with the License.
1535# You may obtain a copy of the License at
1536#
1537# https://www.apache.org/licenses/LICENSE-2.0
1538#
1539# Unless required by applicable law or agreed to in writing, software
1540# distributed under the License is distributed on an "AS IS" BASIS,
1541# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1542# See the License for the specific language governing permissions and
1543# limitations under the License.
1544
1545apiVersion: v1
1546kind: ConfigMap
1547metadata:
1548 name: config-gc
1549 namespace: knative-serving
1550 labels:
1551 serving.knative.dev/release: "v0.18.0"
1552 annotations:
1553 knative.dev/example-checksum: "4b89cfa0"
1554data:
1555 _example: |
1556 ################################
1557 # #
1558 # EXAMPLE CONFIGURATION #
1559 # #
1560 ################################
1561
1562 # This block is not actually functional configuration,
1563 # but serves to illustrate the available configuration
1564 # options and document them in a way that is accessible
1565 # to users that `kubectl edit` this config map.
1566 #
1567 # These sample configuration options may be copied out of
1568 # this example block and unindented to be in the data block
1569 # to actually change the configuration.
1570
1571 # Delay after revision creation before considering it for GC
1572 stale-revision-create-delay: "48h"
1573
1574 # Duration since a route has pointed at the revision before it
1575 # should be GC'd.
1576 # This minus lastpinned-debounce must be longer than the controller
1577 # resync period (10 hours).
1578 stale-revision-timeout: "15h"
1579
1580 # Minimum number of generations of non-active revisions to keep before
1581 # considering them for GC.
1582 stale-revision-minimum-generations: "20"
1583
1584 # To avoid constant updates, we allow an existing annotation to be stale by this
1585 # amount before we update the timestamp.
1586 stale-revision-lastpinned-debounce: "5h"
1587
1588
1589 # ---------------------------------------
1590 # V2 Garbage Collector Settings
1591 # ---------------------------------------
1592 #
1593 # These settings are enabled via the "responsive-revision-gc" feature flag.
1594 # ALPHA NOTE: This feature is still experimental and under active development.
1595 #
1596 # Active
1597 # * Revisions which are referenced by a Route are considered active.
1598 # * Individual revisions may be marked with the annotation
1599 # "knative.dev/no-gc":"true" to be permanently considered active.
1600 # * Active revisions are not considered for GC.
1601 # Retention
1602 # * Revisions are retained if they are any of the following:
1603 # 1. Active
1604 # 2. Were created within "retain-since-create-time"
1605 # 3. Were last referenced by a route within
1606 # "retain-since-last-active-time"
1607 # 4. There are fewer than "min-non-active-revisions"
1608 # If none of these conditions are met, or if the count of revisions exceed
1609 # "max-non-active-revisions", they will be deleted by GC.
1610 # The special value "disabled" may be used to turn off these limits.
1611 #
1612 # Example config to immediately collect any inactive revision:
1613 # min-non-active-revisions: "0"
1614 # retain-since-create-time: "disabled"
1615 # retain-since-last-active-time: "disabled"
1616 #
1617 # Example config to always keep around the last ten non-active revisions:
1618 # retain-since-create-time: "disabled"
1619 # retain-since-last-active-time: "disabled"
1620 # max-non-active-revisions: "10"
1621 #
1622 # Example config to disable all GC:
1623 # retain-since-create-time: "disabled"
1624 # retain-since-last-active-time: "disabled"
1625 # max-non-active-revisions: "disabled"
1626 #
1627 # Example config to keep recently deployed or active revisions,
1628 # always maintain the last two in case of rollback, and prevent
1629 # burst activity from exploding the count of old revisions:
1630 # retain-since-create-time: "48h"
1631 # retain-since-last-active-time: "15h"
1632 # min-non-active-revisions: "2"
1633 # max-non-active-revisions: "1000"
1634
1635 # Duration since creation before considering a revision for GC or "disabled".
1636 retain-since-create-time: "48h"
1637
1638 # Duration since active before considering a revision for GC or "disabled".
1639 retain-since-last-active-time: "15h"
1640
1641 # Minimum number of non-active revisions to retain.
1642 min-non-active-revisions: "20"
1643
1644 # Maximum number of non-active revisions to retain
1645 # or "disabled" to disable any maximum limit.
1646 max-non-active-revisions: "1000"
1647
1648---
1649# Copyright 2020 The Knative Authors
1650#
1651# Licensed under the Apache License, Version 2.0 (the "License");
1652# you may not use this file except in compliance with the License.
1653# You may obtain a copy of the License at
1654#
1655# https://www.apache.org/licenses/LICENSE-2.0
1656#
1657# Unless required by applicable law or agreed to in writing, software
1658# distributed under the License is distributed on an "AS IS" BASIS,
1659# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1660# See the License for the specific language governing permissions and
1661# limitations under the License.
1662
1663apiVersion: v1
1664kind: ConfigMap
1665metadata:
1666 name: config-leader-election
1667 namespace: knative-serving
1668 labels:
1669 serving.knative.dev/release: "v0.18.0"
1670 annotations:
1671 knative.dev/example-checksum: "a255a6cc"
1672data:
1673 _example: |
1674 ################################
1675 # #
1676 # EXAMPLE CONFIGURATION #
1677 # #
1678 ################################
1679
1680 # This block is not actually functional configuration,
1681 # but serves to illustrate the available configuration
1682 # options and document them in a way that is accessible
1683 # to users that `kubectl edit` this config map.
1684 #
1685 # These sample configuration options may be copied out of
1686 # this example block and unindented to be in the data block
1687 # to actually change the configuration.
1688
1689 # leaseDuration is how long non-leaders will wait to try to acquire the
1690 # lock; 15 seconds is the value used by core kubernetes controllers.
1691 leaseDuration: "15s"
1692
1693 # renewDeadline is how long a leader will try to renew the lease before
1694 # giving up; 10 seconds is the value used by core kubernetes controllers.
1695 renewDeadline: "10s"
1696
1697 # retryPeriod is how long the leader election client waits between tries of
1698 # actions; 2 seconds is the value used by core kubernetes controllers.
1699 retryPeriod: "2s"
1700
1701---
1702# Copyright 2018 The Knative Authors
1703#
1704# Licensed under the Apache License, Version 2.0 (the "License");
1705# you may not use this file except in compliance with the License.
1706# You may obtain a copy of the License at
1707#
1708# https://www.apache.org/licenses/LICENSE-2.0
1709#
1710# Unless required by applicable law or agreed to in writing, software
1711# distributed under the License is distributed on an "AS IS" BASIS,
1712# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1713# See the License for the specific language governing permissions and
1714# limitations under the License.
1715
1716apiVersion: v1
1717kind: ConfigMap
1718metadata:
1719 name: config-logging
1720 namespace: knative-serving
1721 labels:
1722 serving.knative.dev/release: "v0.18.0"
1723 annotations:
1724 knative.dev/example-checksum: "23eed3d8"
1725data:
1726 _example: |
1727 ################################
1728 # #
1729 # EXAMPLE CONFIGURATION #
1730 # #
1731 ################################
1732
1733 # This block is not actually functional configuration,
1734 # but serves to illustrate the available configuration
1735 # options and document them in a way that is accessible
1736 # to users that `kubectl edit` this config map.
1737 #
1738 # These sample configuration options may be copied out of
1739 # this example block and unindented to be in the data block
1740 # to actually change the configuration.
1741
1742 # Common configuration for all Knative codebase
1743 zap-logger-config: |
1744 {
1745 "level": "info",
1746 "development": false,
1747 "outputPaths": ["stdout"],
1748 "errorOutputPaths": ["stderr"],
1749 "encoding": "json",
1750 "encoderConfig": {
1751 "timeKey": "ts",
1752 "levelKey": "level",
1753 "nameKey": "logger",
1754 "callerKey": "caller",
1755 "messageKey": "msg",
1756 "stacktraceKey": "stacktrace",
1757 "lineEnding": "",
1758 "levelEncoder": "",
1759 "timeEncoder": "iso8601",
1760 "durationEncoder": "",
1761 "callerEncoder": ""
1762 }
1763 }
1764
1765 # Log level overrides
1766 # For all components except the autoscaler and queue proxy,
1767 # changes are be picked up immediately.
1768 # For autoscaler and queue proxy, changes require recreation of the pods.
1769 loglevel.controller: "info"
1770 loglevel.autoscaler: "info"
1771 loglevel.queueproxy: "info"
1772 loglevel.webhook: "info"
1773 loglevel.activator: "info"
1774 loglevel.hpaautoscaler: "info"
1775 loglevel.certcontroller: "info"
1776 loglevel.istiocontroller: "info"
1777 loglevel.nscontroller: "info"
1778
1779---
1780# Copyright 2018 The Knative Authors
1781#
1782# Licensed under the Apache License, Version 2.0 (the "License");
1783# you may not use this file except in compliance with the License.
1784# You may obtain a copy of the License at
1785#
1786# https://www.apache.org/licenses/LICENSE-2.0
1787#
1788# Unless required by applicable law or agreed to in writing, software
1789# distributed under the License is distributed on an "AS IS" BASIS,
1790# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1791# See the License for the specific language governing permissions and
1792# limitations under the License.
1793
1794apiVersion: v1
1795kind: ConfigMap
1796metadata:
1797 name: config-network
1798 namespace: knative-serving
1799 labels:
1800 serving.knative.dev/release: "v0.18.0"
1801 annotations:
1802 knative.dev/example-checksum: "5e3df87d"
1803data:
1804 _example: |
1805 ################################
1806 # #
1807 # EXAMPLE CONFIGURATION #
1808 # #
1809 ################################
1810
1811 # This block is not actually functional configuration,
1812 # but serves to illustrate the available configuration
1813 # options and document them in a way that is accessible
1814 # to users that `kubectl edit` this config map.
1815 #
1816 # These sample configuration options may be copied out of
1817 # this example block and unindented to be in the data block
1818 # to actually change the configuration.
1819
1820 # ingress.class specifies the default ingress class
1821 # to use when not dictated by Route annotation.
1822 #
1823 # If not specified, will use the Istio ingress.
1824 #
1825 # Note that changing the Ingress class of an existing Route
1826 # will result in undefined behavior. Therefore it is best to only
1827 # update this value during the setup of Knative, to avoid getting
1828 # undefined behavior.
1829 ingress.class: "istio.ingress.networking.knative.dev"
1830
1831 # certificate.class specifies the default Certificate class
1832 # to use when not dictated by Route annotation.
1833 #
1834 # If not specified, will use the Cert-Manager Certificate.
1835 #
1836 # Note that changing the Certificate class of an existing Route
1837 # will result in undefined behavior. Therefore it is best to only
1838 # update this value during the setup of Knative, to avoid getting
1839 # undefined behavior.
1840 certificate.class: "cert-manager.certificate.networking.knative.dev"
1841
1842 # domainTemplate specifies the golang text template string to use
1843 # when constructing the Knative service's DNS name. The default
1844 # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}".
1845 #
1846 # Valid variables defined in the template include Name, Namespace, Domain,
1847 # Labels, and Annotations. Name will be the result of the tagTemplate
1848 # below, if a tag is specified for the route.
1849 #
1850 # Changing this value might be necessary when the extra levels in
1851 # the domain name generated is problematic for wildcard certificates
1852 # that only support a single level of domain name added to the
1853 # certificate's domain. In those cases you might consider using a value
1854 # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace
1855 # entirely from the template. When choosing a new value be thoughtful
1856 # of the potential for conflicts - for example, when users choose to use
1857 # characters such as `-` in their service, or namespace, names.
1858 # {{.Annotations}} or {{.Labels}} can be used for any customization in the
1859 # go template if needed.
1860 # We strongly recommend keeping namespace part of the template to avoid
1861 # domain name clashes:
1862 # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}'
1863 # and you have an annotation {"sub":"foo"}, then the generated template
1864 # would be {Name}-{Namespace}.foo.{Domain}
1865 domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
1866
1867 # tagTemplate specifies the golang text template string to use
1868 # when constructing the DNS name for "tags" within the traffic blocks
1869 # of Routes and Configuration. This is used in conjunction with the
1870 # domainTemplate above to determine the full URL for the tag.
1871 tagTemplate: "{{.Tag}}-{{.Name}}"
1872
1873 # Controls whether TLS certificates are automatically provisioned and
1874 # installed in the Knative ingress to terminate external TLS connection.
1875 # 1. Enabled: enabling auto-TLS feature.
1876 # 2. Disabled: disabling auto-TLS feature.
1877 autoTLS: "Disabled"
1878
1879 # Controls the behavior of the HTTP endpoint for the Knative ingress.
1880 # It requires autoTLS to be enabled.
1881 # 1. Enabled: The Knative ingress will be able to serve HTTP connection.
1882 # 2. Disabled: The Knative ingress will reject HTTP traffic.
1883 # 3. Redirected: The Knative ingress will send a 302 redirect for all
1884 # http connections, asking the clients to use HTTPS.
1885 httpProtocol: "Enabled"
1886
1887---
1888# Copyright 2018 The Knative Authors
1889#
1890# Licensed under the Apache License, Version 2.0 (the "License");
1891# you may not use this file except in compliance with the License.
1892# You may obtain a copy of the License at
1893#
1894# https://www.apache.org/licenses/LICENSE-2.0
1895#
1896# Unless required by applicable law or agreed to in writing, software
1897# distributed under the License is distributed on an "AS IS" BASIS,
1898# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1899# See the License for the specific language governing permissions and
1900# limitations under the License.
1901
1902apiVersion: v1
1903kind: ConfigMap
1904metadata:
1905 name: config-observability
1906 namespace: knative-serving
1907 labels:
1908 serving.knative.dev/release: "v0.18.0"
1909 annotations:
1910 knative.dev/example-checksum: "11674c15"
1911data:
1912 _example: |
1913 ################################
1914 # #
1915 # EXAMPLE CONFIGURATION #
1916 # #
1917 ################################
1918
1919 # This block is not actually functional configuration,
1920 # but serves to illustrate the available configuration
1921 # options and document them in a way that is accessible
1922 # to users that `kubectl edit` this config map.
1923 #
1924 # These sample configuration options may be copied out of
1925 # this example block and unindented to be in the data block
1926 # to actually change the configuration.
1927
1928 # logging.enable-var-log-collection defaults to false.
1929 # The fluentd daemon set will be set up to collect /var/log if
1930 # this flag is true.
1931 logging.enable-var-log-collection: "false"
1932
1933 # logging.revision-url-template provides a template to use for producing the
1934 # logging URL that is injected into the status of each Revision.
1935 # This value is what you might use the the Knative monitoring bundle, and provides
1936 # access to Kibana after setting up kubectl proxy.
1937 logging.revision-url-template: "http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase))))"
1938
1939 # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe
1940 # requests.
1941 # NB: after 0.18 release logging.enable-request-log must be explicitly set to true
1942 # in order for request logging to be enabled.
1943 #
1944 # The value determines the shape of the request logs and it must be a valid go text/template.
1945 # It is important to keep this as a single line. Multiple lines are parsed as separate entities
1946 # by most collection agents and will split the request logs into multiple records.
1947 #
1948 # The following fields and functions are available to the template:
1949 #
1950 # Request: An http.Request (see https://golang.org/pkg/net/http/#Request)
1951 # representing an HTTP request received by the server.
1952 #
1953 # Response:
1954 # struct {
1955 # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
1956 # Size int // An int representing the size of the response.
1957 # Latency float64 // A float64 representing the latency of the response in seconds.
1958 # }
1959 #
1960 # Revision:
1961 # struct {
1962 # Name string // Knative revision name
1963 # Namespace string // Knative revision namespace
1964 # Service string // Knative service name
1965 # Configuration string // Knative configuration name
1966 # PodName string // Name of the pod hosting the revision
1967 # PodIP string // IP of the pod hosting the revision
1968 # }
1969 #
1970 logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}'
1971
1972 # If true, the request logging will be enabled.
1973 # NB: up to and including Knative version 0.18 if logging.requst-log-template is non-empty, this value
1974 # will be ignored.
1975 logging.enable-request-log: "false"
1976
1977 # If true, this enables queue proxy writing request logs for probe requests to stdout.
1978 # It uses the same template for user requests, i.e. logging.request-log-template.
1979 logging.enable-probe-request-log: "false"
1980
1981 # metrics.backend-destination field specifies the system metrics destination.
1982 # It supports either prometheus (the default) or stackdriver.
1983 # Note: Using stackdriver will incur additional charges
1984 metrics.backend-destination: prometheus
1985
1986 # metrics.request-metrics-backend-destination specifies the request metrics
1987 # destination. It enables queue proxy to send request metrics.
1988 # Currently supported values: prometheus (the default), stackdriver.
1989 metrics.request-metrics-backend-destination: prometheus
1990
1991 # metrics.stackdriver-project-id field specifies the stackdriver project ID. This
1992 # field is optional. When running on GCE, application default credentials will be
1993 # used if this field is not provided.
1994 metrics.stackdriver-project-id: "<your stackdriver project id>"
1995
1996 # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
1997 # Stackdriver using "global" resource type and custom metric type if the
1998 # metrics are not supported by "knative_revision" resource type. Setting this
1999 # flag to "true" could cause extra Stackdriver charge.
2000 # If metrics.backend-destination is not Stackdriver, this is ignored.
2001 metrics.allow-stackdriver-custom-metrics: "false"
2002
2003 # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from
2004 # the pods via an HTTP server in the format expected by the pprof visualization tool. When
2005 # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008.
2006 # The HTTP context root for profiling is then /debug/pprof/.
2007 profiling.enable: "false"
2008
2009---
2010# Copyright 2019 The Knative Authors
2011#
2012# Licensed under the Apache License, Version 2.0 (the "License");
2013# you may not use this file except in compliance with the License.
2014# You may obtain a copy of the License at
2015#
2016# https://www.apache.org/licenses/LICENSE-2.0
2017#
2018# Unless required by applicable law or agreed to in writing, software
2019# distributed under the License is distributed on an "AS IS" BASIS,
2020# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2021# See the License for the specific language governing permissions and
2022# limitations under the License.
2023
2024apiVersion: v1
2025kind: ConfigMap
2026metadata:
2027 name: config-tracing
2028 namespace: knative-serving
2029 labels:
2030 serving.knative.dev/release: "v0.18.0"
2031 annotations:
2032 knative.dev/example-checksum: "4002b4c2"
2033data:
2034 _example: |
2035 ################################
2036 # #
2037 # EXAMPLE CONFIGURATION #
2038 # #
2039 ################################
2040
2041 # This block is not actually functional configuration,
2042 # but serves to illustrate the available configuration
2043 # options and document them in a way that is accessible
2044 # to users that `kubectl edit` this config map.
2045 #
2046 # These sample configuration options may be copied out of
2047 # this example block and unindented to be in the data block
2048 # to actually change the configuration.
2049 #
2050 # This may be "zipkin" or "stackdriver", the default is "none"
2051 backend: "none"
2052
2053 # URL to zipkin collector where traces are sent.
2054 # This must be specified when backend is "zipkin"
2055 zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans"
2056
2057 # The GCP project into which stackdriver metrics will be written
2058 # when backend is "stackdriver". If unspecified, the project-id
2059 # is read from GCP metadata when running on GCP.
2060 stackdriver-project-id: "my-project"
2061
2062 # Enable zipkin debug mode. This allows all spans to be sent to the server
2063 # bypassing sampling.
2064 debug: "false"
2065
2066 # Percentage (0-1) of requests to trace
2067 sample-rate: "0.1"
2068
2069---
2070# Copyright 2020 The Knative Authors
2071#
2072# Licensed under the Apache License, Version 2.0 (the "License");
2073# you may not use this file except in compliance with the License.
2074# You may obtain a copy of the License at
2075#
2076# https://www.apache.org/licenses/LICENSE-2.0
2077#
2078# Unless required by applicable law or agreed to in writing, software
2079# distributed under the License is distributed on an "AS IS" BASIS,
2080# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2081# See the License for the specific language governing permissions and
2082# limitations under the License.
2083
2084apiVersion: autoscaling/v2beta1
2085kind: HorizontalPodAutoscaler
2086metadata:
2087 name: activator
2088 namespace: knative-serving
2089 labels:
2090 serving.knative.dev/release: "v0.18.0"
2091spec:
2092 minReplicas: 1
2093 maxReplicas: 20
2094 scaleTargetRef:
2095 apiVersion: apps/v1
2096 kind: Deployment
2097 name: activator
2098 metrics:
2099 - type: Resource
2100 resource:
2101 name: cpu
2102 # Percentage of the requested CPU
2103 targetAverageUtilization: 100
2104---
2105# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time.
2106# Given the subsetting and that the activators are partially stateful systems, we want
2107# a slow rollout of the new versions and slow migration during node upgrades.
2108apiVersion: policy/v1beta1
2109kind: PodDisruptionBudget
2110metadata:
2111 name: activator-pdb
2112 namespace: knative-serving
2113 labels:
2114 serving.knative.dev/release: "v0.18.0"
2115spec:
2116 minAvailable: 80%
2117 selector:
2118 matchLabels:
2119 app: activator
2120
2121---
2122# Copyright 2018 The Knative Authors
2123#
2124# Licensed under the Apache License, Version 2.0 (the "License");
2125# you may not use this file except in compliance with the License.
2126# You may obtain a copy of the License at
2127#
2128# https://www.apache.org/licenses/LICENSE-2.0
2129#
2130# Unless required by applicable law or agreed to in writing, software
2131# distributed under the License is distributed on an "AS IS" BASIS,
2132# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2133# See the License for the specific language governing permissions and
2134# limitations under the License.
2135
2136apiVersion: apps/v1
2137kind: Deployment
2138metadata:
2139 name: activator
2140 namespace: knative-serving
2141 labels:
2142 serving.knative.dev/release: "v0.18.0"
2143spec:
2144 selector:
2145 matchLabels:
2146 app: activator
2147 role: activator
2148 template:
2149 metadata:
2150 annotations:
2151 cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
2152 labels:
2153 app: activator
2154 role: activator
2155 serving.knative.dev/release: "v0.18.0"
2156 spec:
2157 serviceAccountName: controller
2158 containers:
2159 - name: activator
2160 # This is the Go import path for the binary that is containerized
2161 # and substituted here.
2162 image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:69065cec1c1d57d1b16eb448c1abd895c2c554ef0ec19bedd1c14dc3150d2ff1
2163 # The numbers are based on performance test results from
2164 # https://github.com/knative/serving/issues/1625#issuecomment-511930023
2165 resources:
2166 requests:
2167 cpu: 300m
2168 memory: 60Mi
2169 limits:
2170 cpu: 1000m
2171 memory: 600Mi
2172 env:
2173 - # Run Activator with GC collection when newly generated memory is 500%.
2174 name: GOGC
2175 value: "500"
2176 - name: POD_NAME
2177 valueFrom:
2178 fieldRef:
2179 fieldPath: metadata.name
2180 - name: POD_IP
2181 valueFrom:
2182 fieldRef:
2183 fieldPath: status.podIP
2184 - name: SYSTEM_NAMESPACE
2185 valueFrom:
2186 fieldRef:
2187 fieldPath: metadata.namespace
2188 - name: CONFIG_LOGGING_NAME
2189 value: config-logging
2190 - name: CONFIG_OBSERVABILITY_NAME
2191 value: config-observability
2192 - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
2193 name: METRICS_DOMAIN
2194 value: knative.dev/internal/serving
2195 securityContext:
2196 allowPrivilegeEscalation: false
2197 ports:
2198 - name: metrics
2199 containerPort: 9090
2200 - name: profiling
2201 containerPort: 8008
2202 - name: http1
2203 containerPort: 8012
2204 - name: h2c
2205 containerPort: 8013
2206 readinessProbe:
2207 httpGet:
2208 port: 8012
2209 httpHeaders:
2210 - name: k-kubelet-probe
2211 value: "activator"
2212 failureThreshold: 12
2213 livenessProbe:
2214 httpGet:
2215 port: 8012
2216 httpHeaders:
2217 - name: k-kubelet-probe
2218 value: "activator"
2219 failureThreshold: 12
2220 initialDelaySeconds: 15
2221 # The activator (often) sits on the dataplane, and may proxy long (e.g.
2222 # streaming, websockets) requests. We give a long grace period for the
2223 # activator to "lame duck" and drain outstanding requests before we
2224 # forcibly terminate the pod (and outstanding connections). This value
2225 # should be at least as large as the upper bound on the Revision's
2226 # timeoutSeconds property to avoid servicing events disrupting
2227 # connections.
2228 terminationGracePeriodSeconds: 600
2229---
2230apiVersion: v1
2231kind: Service
2232metadata:
2233 name: activator-service
2234 namespace: knative-serving
2235 labels:
2236 app: activator
2237 serving.knative.dev/release: "v0.18.0"
2238spec:
2239 selector:
2240 app: activator
2241 ports:
2242 - # Define metrics and profiling for them to be accessible within service meshes.
2243 name: http-metrics
2244 port: 9090
2245 targetPort: 9090
2246 - name: http-profiling
2247 port: 8008
2248 targetPort: 8008
2249 - name: http
2250 port: 80
2251 targetPort: 8012
2252 - name: http2
2253 port: 81
2254 targetPort: 8013
2255 type: ClusterIP
2256
2257---
2258# Copyright 2018 The Knative Authors
2259#
2260# Licensed under the Apache License, Version 2.0 (the "License");
2261# you may not use this file except in compliance with the License.
2262# You may obtain a copy of the License at
2263#
2264# https://www.apache.org/licenses/LICENSE-2.0
2265#
2266# Unless required by applicable law or agreed to in writing, software
2267# distributed under the License is distributed on an "AS IS" BASIS,
2268# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2269# See the License for the specific language governing permissions and
2270# limitations under the License.
2271
2272apiVersion: apps/v1
2273kind: Deployment
2274metadata:
2275 name: autoscaler
2276 namespace: knative-serving
2277 labels:
2278 serving.knative.dev/release: "v0.18.0"
2279spec:
2280 replicas: 1
2281 selector:
2282 matchLabels:
2283 app: autoscaler
2284 template:
2285 metadata:
2286 annotations:
2287 cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
2288 labels:
2289 app: autoscaler
2290 serving.knative.dev/release: "v0.18.0"
2291 spec:
2292 # To avoid node becoming SPOF, spread our replicas to different nodes.
2293 affinity:
2294 podAntiAffinity:
2295 preferredDuringSchedulingIgnoredDuringExecution:
2296 - podAffinityTerm:
2297 labelSelector:
2298 matchLabels:
2299 app: autoscaler
2300 topologyKey: kubernetes.io/hostname
2301 weight: 100
2302 serviceAccountName: controller
2303 containers:
2304 - name: autoscaler
2305 # This is the Go import path for the binary that is containerized
2306 # and substituted here.
2307 image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:bc1f5dc5594e880dcb126336d8344f0a87cf22075ef32eebd3280e6548ef22ef
2308 resources:
2309 requests:
2310 cpu: 30m
2311 memory: 40Mi
2312 limits:
2313 cpu: 300m
2314 memory: 400Mi
2315 env:
2316 - name: POD_NAME
2317 valueFrom:
2318 fieldRef:
2319 fieldPath: metadata.name
2320 - name: SYSTEM_NAMESPACE
2321 valueFrom:
2322 fieldRef:
2323 fieldPath: metadata.namespace
2324 - name: CONFIG_LOGGING_NAME
2325 value: config-logging
2326 - name: CONFIG_OBSERVABILITY_NAME
2327 value: config-observability
2328 - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
2329 name: METRICS_DOMAIN
2330 value: knative.dev/serving
2331 securityContext:
2332 allowPrivilegeEscalation: false
2333 ports:
2334 - name: metrics
2335 containerPort: 9090
2336 - name: profiling
2337 containerPort: 8008
2338 - name: websocket
2339 containerPort: 8080
2340 readinessProbe:
2341 httpGet:
2342 port: 8080
2343 httpHeaders:
2344 - name: k-kubelet-probe
2345 value: "autoscaler"
2346 livenessProbe:
2347 httpGet:
2348 port: 8080
2349 httpHeaders:
2350 - name: k-kubelet-probe
2351 value: "autoscaler"
2352 failureThreshold: 6
2353---
2354apiVersion: v1
2355kind: Service
2356metadata:
2357 labels:
2358 app: autoscaler
2359 serving.knative.dev/release: "v0.18.0"
2360 name: autoscaler
2361 namespace: knative-serving
2362spec:
2363 ports:
2364 - # Define metrics and profiling for them to be accessible within service meshes.
2365 name: http-metrics
2366 port: 9090
2367 targetPort: 9090
2368 - name: http-profiling
2369 port: 8008
2370 targetPort: 8008
2371 - name: http
2372 port: 8080
2373 targetPort: 8080
2374 selector:
2375 app: autoscaler
2376
2377---
2378# Copyright 2018 The Knative Authors
2379#
2380# Licensed under the Apache License, Version 2.0 (the "License");
2381# you may not use this file except in compliance with the License.
2382# You may obtain a copy of the License at
2383#
2384# https://www.apache.org/licenses/LICENSE-2.0
2385#
2386# Unless required by applicable law or agreed to in writing, software
2387# distributed under the License is distributed on an "AS IS" BASIS,
2388# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2389# See the License for the specific language governing permissions and
2390# limitations under the License.
2391
2392apiVersion: apps/v1
2393kind: Deployment
2394metadata:
2395 name: controller
2396 namespace: knative-serving
2397 labels:
2398 serving.knative.dev/release: "v0.18.0"
2399spec:
2400 selector:
2401 matchLabels:
2402 app: controller
2403 template:
2404 metadata:
2405 annotations:
2406 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
2407 labels:
2408 app: controller
2409 serving.knative.dev/release: "v0.18.0"
2410 spec:
2411 # To avoid node becoming SPOF, spread our replicas to different nodes.
2412 affinity:
2413 podAntiAffinity:
2414 preferredDuringSchedulingIgnoredDuringExecution:
2415 - podAffinityTerm:
2416 labelSelector:
2417 matchLabels:
2418 app: controller
2419 topologyKey: kubernetes.io/hostname
2420 weight: 100
2421 serviceAccountName: controller
2422 containers:
2423 - name: controller
2424 # This is the Go import path for the binary that is containerized
2425 # and substituted here.
2426 image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:8b2b5d06ab5b3bbbe0f40393b3e39f6aceb80542d5cfbab97e89758b59b5ef6e
2427 resources:
2428 requests:
2429 cpu: 100m
2430 memory: 100Mi
2431 limits:
2432 cpu: 1000m
2433 memory: 1000Mi
2434 env:
2435 - name: POD_NAME
2436 valueFrom:
2437 fieldRef:
2438 fieldPath: metadata.name
2439 - name: SYSTEM_NAMESPACE
2440 valueFrom:
2441 fieldRef:
2442 fieldPath: metadata.namespace
2443 - name: CONFIG_LOGGING_NAME
2444 value: config-logging
2445 - name: CONFIG_OBSERVABILITY_NAME
2446 value: config-observability
2447 - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
2448 name: METRICS_DOMAIN
2449 value: knative.dev/internal/serving
2450 securityContext:
2451 allowPrivilegeEscalation: false
2452 ports:
2453 - name: metrics
2454 containerPort: 9090
2455 - name: profiling
2456 containerPort: 8008
2457---
2458apiVersion: v1
2459kind: Service
2460metadata:
2461 labels:
2462 app: controller
2463 serving.knative.dev/release: "v0.18.0"
2464 name: controller
2465 namespace: knative-serving
2466spec:
2467 ports:
2468 - # Define metrics and profiling for them to be accessible within service meshes.
2469 name: http-metrics
2470 port: 9090
2471 targetPort: 9090
2472 - name: http-profiling
2473 port: 8008
2474 targetPort: 8008
2475 selector:
2476 app: controller
2477
2478---
2479# Copyright 2018 The Knative Authors
2480#
2481# Licensed under the Apache License, Version 2.0 (the "License");
2482# you may not use this file except in compliance with the License.
2483# You may obtain a copy of the License at
2484#
2485# https://www.apache.org/licenses/LICENSE-2.0
2486#
2487# Unless required by applicable law or agreed to in writing, software
2488# distributed under the License is distributed on an "AS IS" BASIS,
2489# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2490# See the License for the specific language governing permissions and
2491# limitations under the License.
2492
2493apiVersion: apps/v1
2494kind: Deployment
2495metadata:
2496 name: webhook
2497 namespace: knative-serving
2498 labels:
2499 serving.knative.dev/release: "v0.18.0"
2500spec:
2501 selector:
2502 matchLabels:
2503 app: webhook
2504 role: webhook
2505 template:
2506 metadata:
2507 annotations:
2508 cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
2509 labels:
2510 app: webhook
2511 role: webhook
2512 serving.knative.dev/release: "v0.18.0"
2513 spec:
2514 # To avoid node becoming SPOF, spread our replicas to different nodes.
2515 affinity:
2516 podAntiAffinity:
2517 preferredDuringSchedulingIgnoredDuringExecution:
2518 - podAffinityTerm:
2519 labelSelector:
2520 matchLabels:
2521 app: webhook
2522 topologyKey: kubernetes.io/hostname
2523 weight: 100
2524 serviceAccountName: controller
2525 containers:
2526 - name: webhook
2527 # This is the Go import path for the binary that is containerized
2528 # and substituted here.
2529 image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:e65e11bc8711ed619b346f0385de4d266f59dccf0781fe41a416559b85d414ed
2530 resources:
2531 requests:
2532 cpu: 100m
2533 memory: 100Mi
2534 limits:
2535 cpu: 500m
2536 memory: 500Mi
2537 env:
2538 - name: POD_NAME
2539 valueFrom:
2540 fieldRef:
2541 fieldPath: metadata.name
2542 - name: SYSTEM_NAMESPACE
2543 valueFrom:
2544 fieldRef:
2545 fieldPath: metadata.namespace
2546 - name: CONFIG_LOGGING_NAME
2547 value: config-logging
2548 - name: CONFIG_OBSERVABILITY_NAME
2549 value: config-observability
2550 - name: WEBHOOK_PORT
2551 value: "8443"
2552 - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
2553 name: METRICS_DOMAIN
2554 value: knative.dev/serving
2555 securityContext:
2556 allowPrivilegeEscalation: false
2557 ports:
2558 - name: metrics
2559 containerPort: 9090
2560 - name: profiling
2561 containerPort: 8008
2562 - name: https-webhook
2563 containerPort: 8443
2564 readinessProbe:
2565 periodSeconds: 1
2566 httpGet:
2567 scheme: HTTPS
2568 port: 8443
2569 httpHeaders:
2570 - name: k-kubelet-probe
2571 value: "webhook"
2572 livenessProbe:
2573 periodSeconds: 1
2574 httpGet:
2575 scheme: HTTPS
2576 port: 8443
2577 httpHeaders:
2578 - name: k-kubelet-probe
2579 value: "webhook"
2580 failureThreshold: 6
2581 # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
2582 # high value that we respect whatever value it has configured for the lame duck grace period.
2583 terminationGracePeriodSeconds: 300
2584---
2585apiVersion: v1
2586kind: Service
2587metadata:
2588 labels:
2589 role: webhook
2590 serving.knative.dev/release: "v0.18.0"
2591 name: webhook
2592 namespace: knative-serving
2593spec:
2594 ports:
2595 - # Define metrics and profiling for them to be accessible within service meshes.
2596 name: http-metrics
2597 port: 9090
2598 targetPort: 9090
2599 - name: http-profiling
2600 port: 8008
2601 targetPort: 8008
2602 - name: https-webhook
2603 port: 443
2604 targetPort: 8443
2605 selector:
2606 role: webhook
2607
2608---
2609# Copyright 2020 The Knative Authors
2610#
2611# Licensed under the Apache License, Version 2.0 (the "License");
2612# you may not use this file except in compliance with the License.
2613# You may obtain a copy of the License at
2614#
2615# https://www.apache.org/licenses/LICENSE-2.0
2616#
2617# Unless required by applicable law or agreed to in writing, software
2618# distributed under the License is distributed on an "AS IS" BASIS,
2619# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2620# See the License for the specific language governing permissions and
2621# limitations under the License.
2622
2623apiVersion: admissionregistration.k8s.io/v1
2624kind: ValidatingWebhookConfiguration
2625metadata:
2626 name: config.webhook.serving.knative.dev
2627 labels:
2628 serving.knative.dev/release: "v0.18.0"
2629webhooks:
2630- admissionReviewVersions: ["v1", "v1beta1"]
2631 clientConfig:
2632 service:
2633 name: webhook
2634 namespace: knative-serving
2635 failurePolicy: Fail
2636 sideEffects: None
2637 name: config.webhook.serving.knative.dev
2638 namespaceSelector:
2639 matchExpressions:
2640 - key: serving.knative.dev/release
2641 operator: Exists
2642 timeoutSeconds: 10
2643
2644---
2645# Copyright 2020 The Knative Authors
2646#
2647# Licensed under the Apache License, Version 2.0 (the "License");
2648# you may not use this file except in compliance with the License.
2649# You may obtain a copy of the License at
2650#
2651# https://www.apache.org/licenses/LICENSE-2.0
2652#
2653# Unless required by applicable law or agreed to in writing, software
2654# distributed under the License is distributed on an "AS IS" BASIS,
2655# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2656# See the License for the specific language governing permissions and
2657# limitations under the License.
2658
2659apiVersion: admissionregistration.k8s.io/v1
2660kind: MutatingWebhookConfiguration
2661metadata:
2662 name: webhook.serving.knative.dev
2663 labels:
2664 serving.knative.dev/release: "v0.18.0"
2665webhooks:
2666- admissionReviewVersions: ["v1", "v1beta1"]
2667 clientConfig:
2668 service:
2669 name: webhook
2670 namespace: knative-serving
2671 failurePolicy: Fail
2672 sideEffects: None
2673 name: webhook.serving.knative.dev
2674 timeoutSeconds: 10
2675
2676---
2677# Copyright 2020 The Knative Authors
2678#
2679# Licensed under the Apache License, Version 2.0 (the "License");
2680# you may not use this file except in compliance with the License.
2681# You may obtain a copy of the License at
2682#
2683# https://www.apache.org/licenses/LICENSE-2.0
2684#
2685# Unless required by applicable law or agreed to in writing, software
2686# distributed under the License is distributed on an "AS IS" BASIS,
2687# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2688# See the License for the specific language governing permissions and
2689# limitations under the License.
2690
2691apiVersion: admissionregistration.k8s.io/v1
2692kind: ValidatingWebhookConfiguration
2693metadata:
2694 name: validation.webhook.serving.knative.dev
2695 labels:
2696 serving.knative.dev/release: "v0.18.0"
2697webhooks:
2698- admissionReviewVersions: ["v1", "v1beta1"]
2699 clientConfig:
2700 service:
2701 name: webhook
2702 namespace: knative-serving
2703 failurePolicy: Fail
2704 sideEffects: None
2705 name: validation.webhook.serving.knative.dev
2706 timeoutSeconds: 10
2707
2708---
2709# Copyright 2020 The Knative Authors
2710#
2711# Licensed under the Apache License, Version 2.0 (the "License");
2712# you may not use this file except in compliance with the License.
2713# You may obtain a copy of the License at
2714#
2715# https://www.apache.org/licenses/LICENSE-2.0
2716#
2717# Unless required by applicable law or agreed to in writing, software
2718# distributed under the License is distributed on an "AS IS" BASIS,
2719# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2720# See the License for the specific language governing permissions and
2721# limitations under the License.
2722
2723apiVersion: v1
2724kind: Secret
2725metadata:
2726 name: webhook-certs
2727 namespace: knative-serving
2728 labels:
2729 serving.knative.dev/release: "v0.18.0"
2730# The data is populated at install time.
2731
2732---
View as plain text