diff --git a/.github/workflows/linting_bash_python_yaml_files.yaml b/.github/workflows/linting_bash_python_yaml_files.yaml
index 865438f70a..917d1f60c0 100644
--- a/.github/workflows/linting_bash_python_yaml_files.yaml
+++ b/.github/workflows/linting_bash_python_yaml_files.yaml
@@ -71,7 +71,10 @@ jobs:
- name: Set up changed files
id: changed_files
run: |
- git diff --name-only --diff-filter=AM origin/master...HEAD | grep -E '^common/.*\.ya?ml$|^example/.*\.ya?ml$|^hack/.*\.ya?ml$|^tests/.*\.ya?ml$|^.github/.*\.ya?ml$' > changed_files_in_PR.txt || true
+ git diff --name-only --diff-filter=AM origin/master...HEAD \
+ | grep -v 'upstream' \
+ | grep -E '^common/.*\.ya?ml$|^example/.*\.ya?ml$|^hack/.*\.ya?ml$|^tests/.*\.ya?ml$|^.github/.*\.ya?ml$' \
+ > changed_files_in_PR.txt || true
if [ ! -s changed_files_in_PR.txt ]; then
echo "No YAML files have changed in this PR." > changed_files_in_PR.txt
fi
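Review bot: The new exclusion `grep -v 'upstream'` is an unanchored substring match, so any changed YAML file whose path merely contains "upstream" (a file name, a workflow name, a directory such as `tests/upstream-foo/`) is dropped from the lint list along with the vendored manifests it is meant to skip. Anchoring it to the directory component keeps the intent and closes the gap: `| grep -v '/upstream/' \`. Separately, the `.` in `^.github/` in the retained pattern is unescaped and matches any character; `^\.github/` is what is meant.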
diff --git a/.github/workflows/pipeline_run_from_notebook.yaml b/.github/workflows/pipeline_run_from_notebook.yaml
index 1cb526310a..3f1aee3914 100644
--- a/.github/workflows/pipeline_run_from_notebook.yaml
+++ b/.github/workflows/pipeline_run_from_notebook.yaml
@@ -11,7 +11,7 @@ on:
- common/cert-manager/**
- common/oauth2-proxy/**
- common/istio*/**
- - common/**
+ - common/kubeflow-namespace/**
- apps/jupyter/**
jobs:
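Review bot: Replacing `common/**` with `common/kubeflow-namespace/**` turns this path filter into an explicit allowlist, so a change to any other directory under `common/` that the job installs no longer triggers the notebook pipeline test. The job's install steps are outside this hunk, so whether the remaining entries cover everything it deploys cannot be confirmed from here. A comment above the list, for example `# keep in sync with the components installed by the steps in this workflow`, would make that dependency visible to the next person who edits either side.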
diff --git a/README.md b/README.md
index 027369d48f..07d017d476 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ used from the different projects of Kubeflow:
| Component | Local Manifests Path | Upstream Revision |
| - | - | - |
| Istio | common/istio-1-23 | [1.23.2](https://github.com/istio/istio/releases/tag/1.23.2) |
-| Knative | common/knative/knative-serving
common/knative/knative-eventing | [v1.12.4](https://github.com/knative/serving/releases/tag/knative-v1.12.4)
[v1.12.6](https://github.com/knative/eventing/releases/tag/knative-v1.12.6) |
+| Knative | common/knative/knative-serving
common/knative/knative-eventing | [v1.16.0](https://github.com/knative/serving/releases/tag/knative-v1.16.0)
[v1.16.1](https://github.com/knative/eventing/releases/tag/knative-v1.16.1) |
| Cert Manager | common/cert-manager | [1.14.5](https://github.com/cert-manager/cert-manager/releases/tag/v1.12.2) |
## Installation
diff --git a/common/knative/README.md b/common/knative/README.md
index 2c2cc54110..504439f41b 100644
--- a/common/knative/README.md
+++ b/common/knative/README.md
@@ -4,8 +4,8 @@
The manifests for Knative Serving are based off the following:
- - [Knative serving (v1.12.4)](https://github.com/knative/serving/releases/tag/knative-v1.12.4)
- - [Knative ingress controller for Istio (v1.12.3)](https://github.com/knative-extensions/net-istio/releases/tag/knative-v1.12.3)
+ - [Knative serving (v1.16.0)](https://github.com/knative/serving/releases/tag/knative-v1.16.0)
+ - [Knative ingress controller for Istio (v1.16.0)](https://github.com/knative-extensions/net-istio/releases/tag/knative-v1.16.0)
1. Download the knative-serving manifests with the following commands:
@@ -54,7 +54,7 @@ The manifests for Knative Serving are based off the following:
## Knative-Eventing
-The manifests for Knative Eventing are based off the [v1.12.6 release](https://github.com/knative/eventing/releases/tag/knative-v1.12.6).
+The manifests for Knative Eventing are based off the [v1.16.1 release](https://github.com/knative/eventing/releases/tag/knative-v1.16.1).
- [Eventing Core](https://github.com/knative/eventing/releases/download/knative-v1.12.6/eventing-core.yaml)
- [In-Memory Channel](https://github.com/knative/eventing/releases/download/knative-v1.12.6/in-memory-channel.yaml)
diff --git a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install.yaml b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install.yaml
index 9d58bba2d9..c3c6f4c354 100644
--- a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install.yaml
+++ b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install.yaml
@@ -7,7 +7,7 @@ metadata:
app: "storage-version-migration-eventing"
app.kubernetes.io/name: knative-eventing
app.kubernetes.io/component: storage-version-migration-job
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
name: storage-version-migration-eventing
spec:
ttlSecondsAfterFinished: 600
@@ -18,34 +18,36 @@ spec:
app: "storage-version-migration-eventing"
app.kubernetes.io/name: knative-eventing
app.kubernetes.io/component: storage-version-migration-job
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
+ sidecar.istio.io/inject: "false"
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: knative-eventing-post-install-job
restartPolicy: OnFailure
containers:
- - name: migrate
- image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:d438c3ad2fcef3c7ea1b3abb910f5fa911c8a1466d6460ac0b11bf034797d6f6
- args:
- - "apiserversources.sources.knative.dev"
- - "brokers.eventing.knative.dev"
- - "channels.messaging.knative.dev"
- - "containersources.sources.knative.dev"
- - "eventtypes.eventing.knative.dev"
- - "inmemorychannels.messaging.knative.dev"
- - "parallels.flows.knative.dev"
- - "pingsources.sources.knative.dev"
- - "sequences.flows.knative.dev"
- - "sinkbindings.sources.knative.dev"
- - "subscriptions.messaging.knative.dev"
- - "triggers.eventing.knative.dev"
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: RuntimeDefault
+ - name: migrate
+ image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:f1786ed71c979b93e3fba02c4cfb3df33d97be0cce2c9ef994bfba4cc15a5558
+ args:
+ - "apiserversources.sources.knative.dev"
+ - "brokers.eventing.knative.dev"
+ - "channels.messaging.knative.dev"
+ - "containersources.sources.knative.dev"
+ - "eventtypes.eventing.knative.dev"
+ - "inmemorychannels.messaging.knative.dev"
+ - "parallels.flows.knative.dev"
+ - "pingsources.sources.knative.dev"
+ - "sequences.flows.knative.dev"
+ - "sinkbindings.sources.knative.dev"
+ - "subscriptions.messaging.knative.dev"
+ - "triggers.eventing.knative.dev"
+ - "jobsinks.sinks.knative.dev"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
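Review bot: `sidecar.istio.io/inject: "false"` is now set both as a pod label (added here) and as the existing annotation, with nothing saying why both are needed. A one-line comment next to the label, such as `# label form is honoured by current Istio injectors; annotation kept for older ones`, to be confirmed against the Istio version this repository ships, would stop a later cleanup from removing the one that is actually in effect. The migrate image stays pinned by digest, but the file gives no way to tie the new digest to a release; a comment on the `image:` line naming the upstream release manifest it was copied from would make the next bump auditable.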
diff --git a/common/knative/knative-eventing/base/upstream/eventing-core.yaml b/common/knative/knative-eventing/base/upstream/eventing-core.yaml
index 510a8b3dce..df1663fae4 100644
--- a/common/knative/knative-eventing/base/upstream/eventing-core.yaml
+++ b/common/knative/knative-eventing/base/upstream/eventing-core.yaml
@@ -3,7 +3,7 @@ kind: Namespace
metadata:
name: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: v1
@@ -12,7 +12,7 @@ metadata:
name: eventing-controller
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -20,7 +20,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -36,7 +36,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-controller-resolver
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -52,7 +52,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-controller-source-observer
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -68,7 +68,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-controller-sources-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -84,7 +84,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-controller-manipulator
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -95,13 +95,54 @@ roleRef:
name: channelable-manipulator
apiGroup: rbac.authorization.k8s.io
---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: eventing-controller-crossnamespace-subscriber
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+subjects:
+ - kind: ServiceAccount
+ name: eventing-controller
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: crossnamespace-subscriber
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: job-sink
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-eventing-job-sink
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+subjects:
+ - kind: ServiceAccount
+ name: job-sink
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: knative-eventing-job-sink
+ apiGroup: rbac.authorization.k8s.io
+---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pingsource-mt-adapter
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
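Review bot: The ClusterRoles behind the two new cluster-wide bindings, `crossnamespace-subscriber` (bound to `eventing-controller`) and `knative-eventing-job-sink` (bound to the new `job-sink` ServiceAccount), are not defined in this hunk, so the permissions this upgrade actually grants cannot be judged from here. As this file is a vendored upstream copy, the place to record them is the PR description or `common/knative/README.md`: list the added bindings and the rules of both roles so they can be confirmed. If this distribution does not use JobSink, dropping the `job-sink` ServiceAccount, binding, Deployment and Service through a kustomize patch in the overlay, rather than editing this file, would avoid carrying an unused cluster-scoped grant.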
@@ -109,7 +150,7 @@ kind: ClusterRoleBinding
metadata:
name: knative-eventing-pingsource-mt-adapter
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -126,7 +167,7 @@ metadata:
name: eventing-webhook
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -134,7 +175,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-webhook
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -151,7 +192,7 @@ metadata:
namespace: knative-eventing
name: eventing-webhook
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -167,7 +208,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-webhook-resolver
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -183,7 +224,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-webhook-podspecable-binding
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -200,7 +241,7 @@ metadata:
name: config-br-default-channel
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
channel-template-spec: |
@@ -213,7 +254,7 @@ metadata:
name: config-br-defaults
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
default-br-config: |
@@ -234,7 +275,7 @@ metadata:
name: default-ch-webhook
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
default-ch-config: |
@@ -251,10 +292,9 @@ kind: ConfigMap
metadata:
name: config-ping-defaults
namespace: knative-eventing
- labels:
annotations:
knative.dev/example-checksum: "9185c153"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
_example: |
@@ -285,17 +325,19 @@ metadata:
labels:
knative.dev/config-propagation: original
knative.dev/config-category: eventing
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
kreference-group: "disabled"
delivery-retryafter: "disabled"
delivery-timeout: "enabled"
kreference-mapping: "disabled"
- new-trigger-filters: "enabled"
transport-encryption: "disabled"
eventtype-auto-create: "disabled"
- authentication.oidc: "disabled"
+ authentication-oidc: "disabled"
+ default-authorization-mode: "allow-same-namespace"
+ cross-namespace-event-links: "disabled"
+ new-apiserversource-filters: "disabled"
---
apiVersion: v1
kind: ConfigMap
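Review bot: The feature-flag key changes from `authentication.oidc` to `authentication-oidc`, and `new-trigger-filters` is removed, so any overlay or patch elsewhere in the repository that still sets the old keys would presumably be ignored without an error; a search of the overlays for both old names belongs in this change. The new `default-authorization-mode: "allow-same-namespace"` and `cross-namespace-event-links: "disabled"` flags are security-relevant defaults that, as far as upstream documents it, only matter once OIDC authentication is enabled. Because this file is vendored, a sentence in `common/knative/README.md` stating that these flags are left at their upstream defaults would be the right place to document the intent.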
@@ -336,7 +378,7 @@ metadata:
name: config-leader-election
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
knative.dev/example-checksum: "f7948630"
@@ -384,7 +426,7 @@ metadata:
labels:
knative.dev/config-propagation: original
knative.dev/config-category: eventing
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
zap-logger-config: |
@@ -419,7 +461,7 @@ metadata:
labels:
knative.dev/config-propagation: original
knative.dev/config-category: eventing
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
knative.dev/example-checksum: "f46cf09d"
@@ -478,7 +520,7 @@ metadata:
name: config-sugar
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
knative.dev/example-checksum: "62dfac6f"
@@ -522,7 +564,7 @@ metadata:
labels:
knative.dev/config-propagation: original
knative.dev/config-category: eventing
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
knative.dev/example-checksum: "0492ceb0"
@@ -564,8 +606,9 @@ metadata:
labels:
knative.dev/high-availability: "true"
app.kubernetes.io/component: eventing-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -575,7 +618,7 @@ spec:
labels:
app: eventing-controller
app.kubernetes.io/component: eventing-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -592,7 +635,7 @@ spec:
containers:
- name: eventing-controller
terminationMessagePolicy: FallbackToLogsOnError
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:7579c5a8b1dee07c382120a8bc1a6594aea4519d0cf652989f5d9a675b11a0de
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:8157c2d59c69b2fc658bad9f795aa8b5d9b72b052916ba3c5b83921e4230cecf
resources:
requests:
cpu: 100m
@@ -609,7 +652,7 @@ spec:
- name: METRICS_DOMAIN
value: knative.dev/eventing
- name: APISERVER_RA_IMAGE
- value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:4ed3e39a11f4fc3358787433beaea4a9e72773ea7710bf4beb95aa8770515c9e
+ value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:f3b6e75a19a1d7c2d2de15d15a5d3a5efac3a10120f2289584de2b139ea6b01a
- name: POD_NAME
valueFrom:
fieldRef:
@@ -649,13 +692,152 @@ spec:
---
apiVersion: apps/v1
kind: Deployment
+metadata:
+ name: job-sink
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/component: job-sink
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ sinks.knative.dev/sink: job-sink
+ template:
+ metadata:
+ labels:
+ sinks.knative.dev/sink: job-sink
+ app.kubernetes.io/component: job-sink
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ sinks.knative.dev/sink: job-sink
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ enableServiceLinks: false
+ containers:
+ - name: job-sink
+ terminationMessagePolicy: FallbackToLogsOnError
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/jobsink@sha256:e9a6e5ba3d6838f9feb26197b0f521e503cb313aba38732fc876364fc7d72dac
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: CONTAINER_NAME
+ value: job-sink
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: METRICS_DOMAIN
+ value: knative.dev/internal/eventing
+ - name: INGRESS_PORT
+ value: "8080"
+ - name: INGRESS_PORT_HTTPS
+ value: "8443"
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 1
+ initialDelaySeconds: 5
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ - containerPort: 9092
+ name: metrics
+ protocol: TCP
+ terminationMessagePath: /dev/termination-log
+ resources:
+ requests:
+ cpu: 125m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 2048Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: job-sink
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ sinks.knative.dev/sink: job-sink
+ app.kubernetes.io/component: job-sink
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+ name: job-sink
+ namespace: knative-eventing
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8443
+ - name: http-metrics
+ port: 9092
+ protocol: TCP
+ targetPort: 9092
+ selector:
+ sinks.knative.dev/sink: job-sink
+---
+apiVersion: apps/v1
+kind: Deployment
metadata:
name: pingsource-mt-adapter
namespace: knative-eventing
labels:
app.kubernetes.io/component: pingsource-mt-adapter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
replicas: 0
selector:
@@ -668,7 +850,7 @@ spec:
eventing.knative.dev/source: ping-source-controller
sources.knative.dev/role: adapter
app.kubernetes.io/component: pingsource-mt-adapter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -684,7 +866,7 @@ spec:
enableServiceLinks: false
containers:
- name: dispatcher
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:9d74e8c69d671ad10fdfd84d33569fde5c16c9f95824ea288d2cb6fd69e32f4d
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:f242272f0224da5704adf9922138acfaa971d32a03130b2f24057995032c3698
env:
- name: SYSTEM_NAMESPACE
value: ''
@@ -741,7 +923,7 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: eventing-webhook
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
scaleTargetRef:
@@ -765,7 +947,7 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: eventing-webhook
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
minAvailable: 80%
@@ -780,8 +962,9 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: eventing-webhook
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -793,7 +976,7 @@ spec:
app: eventing-webhook
role: eventing-webhook
app.kubernetes.io/component: eventing-webhook
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -810,7 +993,7 @@ spec:
containers:
- name: eventing-webhook
terminationMessagePolicy: FallbackToLogsOnError
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:cd577cb977a2830b29bb799cf146bbffe0241d65eef1c680ec158af97b18d4fa
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:09f4923e016940fb87875a8d85b6d504ee3c696f45ffb3d4720cfa9b3b67cfca
resources:
requests:
cpu: 100m
@@ -878,7 +1061,7 @@ metadata:
labels:
role: eventing-webhook
app.kubernetes.io/component: eventing-webhook
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: eventing-webhook
namespace: knative-eventing
@@ -898,7 +1081,7 @@ metadata:
eventing.knative.dev/source: "true"
duck.knative.dev/source: "true"
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
registry.knative.dev/eventTypes: |
@@ -944,6 +1127,7 @@ spec:
properties:
spec:
type: object
+ x-kubernetes-preserve-unknown-fields: true
required:
- resources
properties:
@@ -1035,7 +1219,7 @@ spec:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
namespaceSelector:
description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source.
@@ -1076,6 +1260,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
@@ -1125,6 +1314,9 @@ spec:
sinkCACerts:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
+ sinkAudience:
+ description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ type: string
namespaces:
description: Namespaces show the namespaces currently watched by the ApiServerSource
type: array
@@ -1160,7 +1352,7 @@ metadata:
labels:
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: eventing.knative.dev
@@ -1232,7 +1424,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -1273,6 +1465,18 @@ spec:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
x-kubernetes-preserve-unknown-fields: true
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -1306,6 +1510,9 @@ spec:
deadLetterSinkCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ deadLetterSinkAudience:
+ description: OIDC audience of the dead letter sink.
+ type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
@@ -1345,7 +1552,7 @@ metadata:
knative.dev/crd-install: "true"
messaging.knative.dev/subscribable: "true"
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: messaging.knative.dev
@@ -1428,7 +1635,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -1483,6 +1690,9 @@ spec:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
+ name:
+ description: The name of the subscription
+ type: string
replyUri:
description: ReplyURI is the endpoint for the reply
type: string
@@ -1504,6 +1714,18 @@ spec:
uid:
description: UID is used to understand the origin of the subscriber.
type: string
+ auth:
+ description: Auth provides the relevant information for OIDC authentication.
+ type: object
+ properties:
+ serviceAccountName:
+ description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
+ type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
@@ -1554,6 +1776,18 @@ spec:
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
type: string
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -1603,6 +1837,9 @@ spec:
deadLetterSinkCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ deadLetterSinkAudience:
+ description: OIDC audience of the dead letter sink.
+ type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
@@ -1633,6 +1870,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
names:
kind: Channel
plural: channels
@@ -1653,7 +1895,7 @@ metadata:
eventing.knative.dev/source: "true"
duck.knative.dev/source: "true"
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: containersources.sources.knative.dev
spec:
@@ -1707,7 +1949,7 @@ spec:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
template:
type: object
@@ -1727,6 +1969,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
@@ -1776,6 +2023,9 @@ spec:
sinkCACerts:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
+ sinkAudience:
+ description: Audience is the OIDC audience of the sink.
+ type: string
additionalPrinterColumns:
- name: Sink
type: string
@@ -1802,15 +2052,15 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
- name: eventtypes.eventing.knative.dev
+ name: eventpolicies.eventing.knative.dev
labels:
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: eventing.knative.dev
versions:
- - name: v1beta1
+ - name: v1alpha1
served: true
storage: true
subresources:
@@ -1818,95 +2068,303 @@ spec:
schema:
openAPIV3Schema:
type: object
- description: 'EventType represents a type of event that can be consumed from a Broker.'
properties:
spec:
- description: 'Spec defines the desired state of the EventType.'
- type: object
- properties:
- broker:
- type: string
- reference:
- description: Reference Broker. For example
- type: object
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- namespace:
- description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.'
- type: string
- description:
- description: 'Description is an optional field used to describe the EventType, in any meaningful way.'
- type: string
- schema:
- description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.'
- type: string
- schemaData:
- description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.'
- type: string
- source:
- description: 'Source is a URI, it represents the CloudEvents source.'
- type: string
- type:
- description: 'Type represents the CloudEvents type. It is authoritative.'
- type: string
- status:
- description: 'Status represents the current state of the EventType. This data may be out of date.'
+ description: Spec defines the desired state of the EventPolicy.
type: object
properties:
- annotations:
- description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.'
- type: object
- x-kubernetes-preserve-unknown-fields: true
- conditions:
- description: 'Conditions the latest available observations of a resource''s current state.'
+ from:
+ description: From is the list of sources or oidc identities, which are allowed to send events to the targets (.spec.to).
type: array
items:
type: object
- required:
- - type
- - status
properties:
- lastTransitionTime:
- description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
- type: string
- message:
- description: 'A human readable message indicating details about the transition.'
- type: string
- reason:
- description: 'The reason for the condition''s last transition.'
- type: string
- severity:
- description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
- type: string
- status:
- description: 'Status of the condition, one of True, False, Unknown.'
- type: string
- type:
- description: 'Type of condition.'
+ ref:
+ description: Ref contains a direct reference to a resource which is allowed to send events to the target.
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
+ type: string
+ sub:
+ description: Sub sets the OIDC identity name to be allowed to send events to the target. It is also possible to set a glob-like pattern to match any suffix.
type: string
- observedGeneration:
- description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.'
- type: integer
- format: int64
- additionalPrinterColumns:
- - name: Type
- type: string
- jsonPath: ".spec.type"
- - name: Source
- type: string
- jsonPath: ".spec.source"
- - name: Schema
- type: string
- jsonPath: ".spec.schema"
- - name: Reference Name
+ to:
+ description: To lists all resources for which this policy applies. Resources in this list must act like an ingress and have an audience. The resources are part of the same namespace as the EventPolicy. An empty list means it applies to all resources in the EventPolicies namespace
+ type: array
+ items:
+ type: object
+ properties:
+ ref:
+ description: Ref contains the direct reference to a target
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ selector:
+ description: Selector contains a selector to group targets
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ filters:
+ description: 'Filters is an array of SubscriptionsAPIFilters that evaluate to true or false. If any filter expression in the array evaluates to false, the event will not continue pass the ingress of the target resources of the policy'
+ type: array
+ items:
+ type: object
+ properties:
+ all:
+ description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression'
+ type: array
+ items:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ any:
+ description: 'Any evaluates to true if any of the nested expressions evaluate to true. It must contain at least one filter expression'
+ type: array
+ items:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ cesql:
+ description: 'CESQL is a CloudEvents SQL v1 expression that will evaluate to true or false for each CloudEvent.'
+ type: string
+ exact:
+ description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value string specified (case sensitive)'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ not:
+ description: 'Not evaluates to true if the nested expression evaluates to false.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ prefix:
+ description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value string specified (case sensitive)'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ suffix:
+ description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all end with the associated value string specified (case sensitive)'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status represents the current state of the EventPolicy. This data may be out of date.
+ type: object
+ properties:
+ annotations:
+ description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ type: object
+ required:
+ - type
+ - status
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ from:
+ description: From is the list of resolved oidc identities from .spec.from
+ type: array
+ items:
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+ names:
+ kind: EventPolicy
+ plural: eventpolicies
+ singular: eventpolicy
+ categories:
+ - all
+ - knative
+ - eventing
+ scope: Namespaced
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: eventing-webhook
+ namespace: knative-eventing
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: eventtypes.eventing.knative.dev
+ labels:
+ knative.dev/crd-install: "true"
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+spec:
+ group: eventing.knative.dev
+ versions:
+ - name: v1beta3
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ description: 'EventType represents a type of event that can be consumed from a resource.'
+ properties:
+ spec:
+ description: 'Spec defines the desired state of the EventType.'
+ type: object
+ properties:
+ reference:
+ description: Reference a resource. For example, Broker.
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.'
+ type: string
+ address:
+ description: 'Address points to a specific Address Name'
+ type: string
+ description:
+ description: 'Description is an optional field used to describe the EventType, in any meaningful way.'
+ type: string
+ attributes:
+ description: "CloudEvent attribute and extension attributes."
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: "Name of the CloudEvent attribute."
+ required:
+ type: boolean
+ description: "Indicates whether the attribute is required."
+ value:
+ type: string
+ description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string."
+ status:
+ description: 'Status represents the current state of the EventType. This data may be out of date.'
+ type: object
+ properties:
+ annotations:
+ description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ conditions:
+ description: 'Conditions the latest available observations of a resource''s current state.'
+ type: array
+ items:
+ type: object
+ required:
+ - type
+ - status
+ properties:
+ lastTransitionTime:
+ description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
+ type: string
+ message:
+ description: 'A human readable message indicating details about the transition.'
+ type: string
+ reason:
+ description: 'The reason for the condition''s last transition.'
+ type: string
+ severity:
+ description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
+ type: string
+ status:
+ description: 'Status of the condition, one of True, False, Unknown.'
+ type: string
+ type:
+ description: 'Type of condition.'
+ type: string
+ observedGeneration:
+ description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.'
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Type
+ type: string
+ jsonPath: ".spec.attributes[?(@.name=='type')].value"
+ - name: Source
+ type: string
+ jsonPath: ".spec.attributes[?(@.name=='source')].value"
+ - name: Reference Name
type: string
jsonPath: ".spec.reference.name"
- name: Reference Kind
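Review bot: `spec.from[]` in the new EventPolicy schema is unconstrained: an item requires neither `ref` nor `sub`, and `sub` is a bare `type: string` even though its description says it accepts a glob-like pattern. This resource decides which OIDC identities may send events, and an empty `spec.to` applies the policy to every resource in the namespace, so an over-broad or empty `sub` is an authorization grant rather than a cosmetic mistake. Any stricter validation would have to come from the admission webhook, which is not visible in this hunk and should be confirmed. As defence in depth I would add `minLength: 1` under `sub`, carried as an overlay patch if this manifest is synced from upstream, and review who holds write access to `eventpolicies` in tenant namespaces. Separately, the `suffix` filter description begins with "Exact evaluates…", which looks copied from the `exact` entry.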
@@ -1921,12 +2379,15 @@ spec:
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
- - subresources:
+ - name: v1beta2
+ served: true
+ storage: true
+ subresources:
status: {}
schema:
openAPIV3Schema:
type: object
- description: 'EventType represents a type of event that can be consumed from a Broker.'
+ description: 'EventType represents a type of event that can be consumed from a resource.'
properties:
spec:
description: 'Spec defines the desired state of the EventType.'
@@ -1935,7 +2396,7 @@ spec:
broker:
type: string
reference:
- description: Reference Broker. For example
+ description: Reference a resource. For example, Broker.
type: object
properties:
apiVersion:
@@ -1950,6 +2411,9 @@ spec:
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.'
type: string
+ address:
+ description: 'Address points to a specific Address Name'
+ type: string
description:
description: 'Description is an optional field used to describe the EventType, in any meaningful way.'
type: string
@@ -2029,9 +2493,122 @@ spec:
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
- name: v1beta2
+ - name: v1beta1
served: true
storage: false
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ description: 'EventType represents a type of event that can be consumed from a resource.'
+ properties:
+ spec:
+ description: 'Spec defines the desired state of the EventType.'
+ type: object
+ properties:
+ broker:
+ type: string
+ reference:
+ description: Reference a resource. For example, Broker.
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.'
+ type: string
+ address:
+ description: 'Address points to a specific Address Name'
+ type: string
+ description:
+ description: 'Description is an optional field used to describe the EventType, in any meaningful way.'
+ type: string
+ schema:
+ description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.'
+ type: string
+ schemaData:
+ description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.'
+ type: string
+ source:
+ description: 'Source is a URI, it represents the CloudEvents source.'
+ type: string
+ type:
+ description: 'Type represents the CloudEvents type. It is authoritative.'
+ type: string
+ status:
+ description: 'Status represents the current state of the EventType. This data may be out of date.'
+ type: object
+ properties:
+ annotations:
+ description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ conditions:
+ description: 'Conditions the latest available observations of a resource''s current state.'
+ type: array
+ items:
+ type: object
+ required:
+ - type
+ - status
+ properties:
+ lastTransitionTime:
+ description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
+ type: string
+ message:
+ description: 'A human readable message indicating details about the transition.'
+ type: string
+ reason:
+ description: 'The reason for the condition''s last transition.'
+ type: string
+ severity:
+ description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
+ type: string
+ status:
+ description: 'Status of the condition, one of True, False, Unknown.'
+ type: string
+ type:
+ description: 'Type of condition.'
+ type: string
+ observedGeneration:
+ description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.'
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Type
+ type: string
+ jsonPath: ".spec.type"
+ - name: Source
+ type: string
+ jsonPath: ".spec.source"
+ - name: Schema
+ type: string
+ jsonPath: ".spec.schema"
+ - name: Reference Name
+ type: string
+ jsonPath: ".spec.reference.name"
+ - name: Reference Kind
+ type: string
+ jsonPath: ".spec.reference.kind"
+ - name: Description
+ type: string
+ jsonPath: ".spec.description"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+ deprecated: true
+ deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType"
names:
kind: EventType
plural: eventtypes
@@ -2052,12 +2629,153 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
+metadata:
+ name: jobsinks.sinks.knative.dev
+ labels:
+ knative.dev/crd-install: "true"
+ duck.knative.dev/addressable: "true"
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+spec:
+ group: sinks.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: 'JobSink triggers long-running jobs when an event occur.'
+ type: object
+ properties:
+ spec:
+ description: Spec defines the desired state of the JobSink.
+ type: object
+ properties:
+ job:
+ type: object
+ description: Full Job resource object, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#job-v1-batch for more details.
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status represents the current state of the JobSink. This data may be out of date.
+ type: object
+ properties:
+ address:
+ description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs.
+ type: object
+ properties:
+ name:
+ type: string
+ url:
+ type: string
+ CACerts:
+ type: string
+ audience:
+ type: string
+ addresses:
+ description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs.
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ url:
+ type: string
+ CACerts:
+ type: string
+ audience:
+ type: string
+ job:
+ type: object
+ properties:
+ selector:
+ type: string
+ description: Label selector for all scheduled jobs
+ annotations:
+ description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ type: integer
+ format: int64
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ type: object
+ required:
+ - type
+ - status
+ properties:
+ lastTransitionTime:
+ description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).'
+ type: string
+ message:
+ description: 'A human readable message indicating details about the transition.'
+ type: string
+ reason:
+ description: 'The reason for the condition''s last transition.'
+ type: string
+ severity:
+ description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.'
+ type: string
+ status:
+ description: 'Status of the condition, one of True, False, Unknown.'
+ type: string
+ type:
+ description: 'Type of condition.'
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.address.url
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+ names:
+ kind: JobSink
+ plural: jobsinks
+ singular: jobsink
+ categories:
+ - all
+ - knative
+ - eventing
+ - sink
+ scope: Namespaced
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
metadata:
name: parallels.flows.knative.dev
labels:
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: flows.knative.dev
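Review bot: Write access to `jobsinks.sinks.knative.dev` looks equivalent to permission to create Jobs, because `spec.job` is an opaque object (`x-kubernetes-preserve-unknown-fields: true`) described as a full Job resource. The CRD schema therefore accepts any pod template, including its service account, volumes and security context. Which identity actually creates the Job, and whether namespace Pod Security admission still applies to it, is not visible in this hunk and should be confirmed before the CRD reaches multi-tenant namespaces. I would make the equivalence explicit next to the field, for example `# write access to jobsinks is effectively create on batch/v1 Jobs; scope RBAC accordingly`, and check that no aggregated edit role in this repository picks up the new `sinks.knative.dev` group unintentionally.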
@@ -2120,7 +2838,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -2154,7 +2872,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
reply:
description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply
@@ -2183,7 +2901,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
subscriber:
description: Subscriber receiving the event when the filter passes
@@ -2212,7 +2930,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
channelTemplate:
description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace).
@@ -2255,7 +2973,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
status:
description: Status represents the current state of the Parallel. This data may be out of date.
@@ -2298,6 +3016,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
branchStatuses:
description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order.
type: array
@@ -2449,6 +3172,18 @@ spec:
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -2553,7 +3288,7 @@ metadata:
eventing.knative.dev/source: "true"
duck.knative.dev/source: "true"
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
annotations:
registry.knative.dev/eventTypes: |
@@ -2567,9 +3302,9 @@ metadata:
spec:
group: sources.knative.dev
versions:
- - name: v1beta2
+ - name: v1
served: true
- storage: false
+ storage: true
subresources:
status: {}
schema:
@@ -2630,7 +3365,7 @@ spec:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
timezone:
description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones'
@@ -2650,6 +3385,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
ceAttributes:
description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.'
type: array
@@ -2699,6 +3439,9 @@ spec:
sinkCACerts:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
+ sinkAudience:
+ description: sinkAudience is the OIDC audience of the sink.
+ type: string
additionalPrinterColumns:
- name: Sink
type: string
@@ -2715,7 +3458,10 @@ spec:
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
- - subresources:
+ - name: v1beta2
+ served: true
+ storage: false
+ subresources:
status: {}
schema:
openAPIV3Schema:
@@ -2775,7 +3521,7 @@ spec:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
timezone:
description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones'
@@ -2795,6 +3541,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
ceAttributes:
description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.'
type: array
@@ -2844,6 +3595,9 @@ spec:
sinkCACerts:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
+ sinkAudience:
+ description: sinkAudience is the OIDC audience of the sink.
+ type: string
additionalPrinterColumns:
- name: Sink
type: string
@@ -2860,9 +3614,8 @@ spec:
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
- name: v1
- served: true
- storage: true
+ deprecated: true
+ deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource"
names:
categories:
- all
@@ -2888,7 +3641,7 @@ metadata:
labels:
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: flows.knative.dev
@@ -2947,6 +3700,9 @@ spec:
CACerts:
type: string
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply.
+ audience:
+ description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
+ type: string
steps:
description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options
type: array
@@ -2990,7 +3746,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -3063,6 +3819,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
channelStatuses:
description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order.
type: array
@@ -3119,6 +3880,18 @@ spec:
type:
description: Type of condition.
type: string
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -3237,7 +4010,7 @@ metadata:
duck.knative.dev/source: "true"
duck.knative.dev/binding: "true"
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: sinkbindings.sources.knative.dev
spec:
@@ -3291,7 +4064,7 @@ spec:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
subject:
description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations.
@@ -3348,6 +4121,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
@@ -3397,6 +4175,12 @@ spec:
sinkCACerts:
description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
+ sinkAudience:
+ description: Audience is the OIDC audience of the sink.
+ type: string
+ oidcTokenSecretName:
+ description: Name of the secret with the OIDC token for the sink.
+ type: string
additionalPrinterColumns:
- name: Sink
type: string
@@ -3427,7 +4211,7 @@ metadata:
name: subscriptions.messaging.knative.dev
labels:
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: messaging.knative.dev
@@ -3446,7 +4230,7 @@ spec:
type: object
properties:
channel:
- description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)'
+ description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)'
type: object
properties:
apiVersion:
@@ -3458,6 +4242,9 @@ spec:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
+ type: string
x-kubernetes-preserve-unknown-fields: true
delivery:
description: Delivery configuration
@@ -3496,7 +4283,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -3530,7 +4317,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
subscriber:
description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply.
@@ -3560,7 +4347,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
status:
type: object
@@ -3576,6 +4363,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -3617,6 +4409,9 @@ spec:
deadLetterSinkCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ deadLetterSinkAudience:
+ description: OIDC audience of the dead letter sink.
+ type: string
replyUri:
description: ReplyURI is the fully resolved URI for the spec.reply.
type: string
@@ -3663,7 +4458,7 @@ metadata:
name: triggers.eventing.knative.dev
labels:
knative.dev/crd-install: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: eventing.knative.dev
@@ -3702,6 +4497,22 @@ spec:
broker:
description: Broker is the broker that this trigger receives events from.
type: string
+ brokerRef:
+ description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.'
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
delivery:
description: Delivery contains the delivery spec for this specific trigger.
type: object
@@ -3740,20 +4551,60 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
type: integer
format: int32
+ format:
+ description: Format is the format used to serialize the event into a http request when delivering the event. It can be json (for structured events), binary (for binary events), or unset.
+ type: string
filter:
- description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. '
+ description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.'
type: object
properties:
attributes:
- description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. '
+ description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.'
type: object
x-kubernetes-preserve-unknown-fields: true
+ filters:
+ description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.'
+ type: array
+ items:
+ type: object
+ properties:
+ all:
+ description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.'
+ type: array
+ items:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ any:
+ description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.'
+ type: array
+ items:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ cesql:
+ description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.'
+ type: string
+ exact:
+ description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ not:
+ description: 'Not evaluates to true if the nested expression evaluates to false.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ prefix:
+ description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ suffix:
+ description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
subscriber:
description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required.
type: object
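Review bot: In the new `filters` items, `exact`, `prefix` and `suffix` are declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any value shape even though the descriptions require non-empty string values. For those three maps the constraint can be expressed structurally by replacing the preserve-unknown-fields line with `additionalProperties:`, `type: string`, `minLength: 1`. `all`, `any` and `not` are recursive and likely do need the open schema, which leaves their validation, and that of the `cesql` expression, to whatever admission webhook handles Triggers. The enclosing Trigger spec schema starts before and continues after this hunk.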
@@ -3781,7 +4632,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
status:
description: Status represents the current state of the Trigger. This data may be out of date.
@@ -3798,6 +4649,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -3831,6 +4687,9 @@ spec:
deadLetterSinkCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ deadLetterSinkAudience:
+ description: OIDC audience of the dead letter sink.
+ type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
@@ -3841,6 +4700,9 @@ spec:
subscriberCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ subscriberAudience:
+ description: OIDC audience of the subscriber.
+ type: string
names:
kind: Trigger
plural: triggers
@@ -3856,7 +4718,7 @@ kind: ClusterRole
metadata:
name: addressable-resolver
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
aggregationRule:
clusterRoleSelectors:
@@ -3870,7 +4732,7 @@ metadata:
name: service-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3888,7 +4750,7 @@ metadata:
name: serving-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3909,7 +4771,7 @@ metadata:
name: channel-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3934,7 +4796,7 @@ metadata:
name: broker-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3953,7 +4815,7 @@ metadata:
name: flows-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3973,7 +4835,7 @@ kind: ClusterRole
metadata:
name: eventing-broker-filter
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -3999,7 +4861,7 @@ kind: ClusterRole
metadata:
name: eventing-broker-ingress
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4016,7 +4878,7 @@ kind: ClusterRole
metadata:
name: eventing-config-reader
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4033,7 +4895,7 @@ kind: ClusterRole
metadata:
name: channelable-manipulator
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
aggregationRule:
clusterRoleSelectors:
@@ -4047,7 +4909,7 @@ metadata:
name: meta-channelable-manipulator
labels:
duck.knative.dev/channelable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4070,7 +4932,7 @@ metadata:
name: knative-eventing-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["eventing.knative.dev"]
@@ -4083,7 +4945,7 @@ metadata:
name: knative-messaging-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["messaging.knative.dev"]
@@ -4096,7 +4958,7 @@ metadata:
name: knative-flows-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["flows.knative.dev"]
@@ -4109,7 +4971,7 @@ metadata:
name: knative-sources-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["sources.knative.dev"]
@@ -4122,7 +4984,7 @@ metadata:
name: knative-bindings-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["bindings.knative.dev"]
@@ -4135,7 +4997,7 @@ metadata:
name: knative-eventing-namespaced-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"]
@@ -4148,7 +5010,7 @@ metadata:
name: knative-eventing-namespaced-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"]
@@ -4160,7 +5022,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4174,6 +5036,7 @@ rules:
- "events"
- "serviceaccounts"
- "pods"
+ - "serviceaccounts/token"
verbs:
- "get"
- "list"
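Review bot: The added `"serviceaccounts/token"` entry sits in the same rule as `events`, `serviceaccounts` and `pods`, so it inherits that rule's whole verb list, although a token request only needs `create`. The verb list continues past the end of this hunk, so whether `create` is actually among the verbs cannot be confirmed here. Because this is a ClusterRole with no `resourceNames`, a holder bound cluster-wide could request tokens for any ServiceAccount, which is worth an explicit, separately auditable rule: `- apiGroups: [""]`, `resources: ["serviceaccounts/token"]`, `verbs: ["create"]`. The later hunk for knative-eventing-pingsource-mt-adapter already uses that shape, and its binding scope deserves the same check.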
@@ -4194,6 +5057,14 @@ rules:
- "delete"
- "patch"
- "watch"
+ - apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
- apiGroups:
- "apps"
resources:
@@ -4204,6 +5075,7 @@ rules:
- "rbac.authorization.k8s.io"
resources:
- "rolebindings"
+ - "roles"
verbs:
- "get"
- "list"
@@ -4221,6 +5093,21 @@ rules:
- "triggers/status"
- "eventtypes"
- "eventtypes/status"
+ - "eventpolicies"
+ - "eventpolicies/status"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "delete"
+ - "patch"
+ - "watch"
+ - apiGroups:
+ - "sinks.knative.dev"
+ resources:
+ - "jobsinks"
+ - "jobsinks/status"
verbs:
- "get"
- "list"
@@ -4236,6 +5123,12 @@ rules:
- "triggers/finalizers"
verbs:
- "update"
+ - apiGroups:
+ - "sinks.knative.dev"
+ resources:
+ - "jobsinks/finalizers"
+ verbs:
+ - "update"
- apiGroups:
- "messaging.knative.dev"
resources:
@@ -4308,10 +5201,134 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+metadata:
+ name: crossnamespace-subscriber
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ duck.knative.dev/crossnamespace-subscribable: "true"
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: channel-subscriber
+ labels:
+ duck.knative.dev/crossnamespace-subscribable: "true"
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+rules:
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - channels
+ verbs:
+ - knsubscribe
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: broker-subscriber
+ labels:
+ duck.knative.dev/crossnamespace-subscribable: "true"
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+rules:
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - brokers
+ verbs:
+ - knsubscribe
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-eventing-job-sink
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ - "secrets"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs:
+ - "create"
+ - "update"
+ - "delete"
+ - apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "create"
+ - "update"
+ - "delete"
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - sinks.knative.dev
+ resources:
+ - jobsinks
+ - jobsinks/status
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - apiGroups:
+ - sinks.knative.dev
+ resources:
+ - jobsinks/finalizers
+ verbs:
+ - "patch"
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - "create"
+ - "patch"
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - eventpolicies
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
metadata:
name: knative-eventing-pingsource-mt-adapter
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
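Review bot: The new knative-eventing-job-sink ClusterRole grants `get`/`list`/`watch` and `create`/`update`/`delete` on `secrets` with no `resourceNames`, so the reach of that grant depends entirely on how the role is bound, which this hunk does not show. If the binding is a ClusterRoleBinding, the job-sink service account can read and modify Secrets in every namespace; a comment above the first rule such as `# secrets access is cluster-wide if bound via ClusterRoleBinding; confirm the binding scope` would make that visible to whoever audits the manifest. The same role uses `patch` on `jobsinks/finalizers` where the controller role in this commit uses `update`, which is worth confirming as intended. The hunk ends inside the following knative-eventing-pingsource-mt-adapter role.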
@@ -4322,6 +5339,12 @@ rules:
- "get"
- "list"
- "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - "serviceaccounts/token"
+ verbs:
+ - "create"
- apiGroups:
- sources.knative.dev
resources:
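Review bot: The new rule granting `create` on `serviceaccounts/token` in `knative-eventing-pingsource-mt-adapter` carries no `resourceNames`, so wherever this ClusterRole is bound cluster-wide the adapter's service account can request tokens for any service account in any namespace. The same unscoped rule is added later in this diff to `knative-eventing-webhook`, `imc-dispatcher` and `knative-eventing-mt-broker-filter`, whereas `knative-eventing-mt-broker-ingress` narrows it with `resourceNames: ["mt-broker-ingress-oidc"]`. The bindings are not visible in these hunks, and the grant presumably serves the OIDC feature, whose generated service-account names cannot be listed statically. Since the file is synced from upstream, the practical options are a kustomize patch that drops the rule where OIDC authentication is not enabled, or an upstream request to scope it. The role's rules list continues outside the hunk.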
@@ -4362,7 +5385,7 @@ kind: ClusterRole
metadata:
name: podspecable-binding
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
aggregationRule:
clusterRoleSelectors:
@@ -4376,7 +5399,7 @@ metadata:
name: builtin-podspecable-binding
labels:
duck.knative.dev/podspecable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4404,7 +5427,7 @@ kind: ClusterRole
metadata:
name: source-observer
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
aggregationRule:
clusterRoleSelectors:
@@ -4418,7 +5441,7 @@ metadata:
name: eventing-sources-source-observer
labels:
duck.knative.dev/source: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4438,7 +5461,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-sources-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4538,7 +5561,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-webhook
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4546,6 +5569,9 @@ rules:
resources:
- "configmaps"
verbs:
+ - "create"
+ - "update"
+ - "delete"
- "get"
- "list"
- "watch"
@@ -4627,6 +5653,14 @@ rules:
- "list"
- "create"
- "patch"
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - eventpolicies
+ verbs:
+ - get
+ - list
+ - watch
- apiGroups:
- ""
resources:
@@ -4639,9 +5673,36 @@ rules:
- "delete"
- "patch"
- "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - "serviceaccounts/token"
+ verbs:
+ - "create"
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "delete"
+ - "patch"
+ - "watch"
+ - apiGroups:
+ - "authorization.k8s.io"
+ resources:
+ - "subjectaccessreviews"
+ verbs:
+ - "create"
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
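Review bot: The added `secrets` rule gives `knative-eventing-webhook` get/list/create/update/delete/patch/watch on Secrets through a ClusterRole, which, if the role is bound with a ClusterRoleBinding (not visible here), lets the webhook's service account read and rewrite every Secret in the cluster. The same hunk adds `create` on `batch` `jobs`, and an earlier hunk on this role adds `create`/`update`/`delete` on `configmaps`, so a compromised webhook pod would reach considerably further than before the upgrade. A namespaced Role of the same name in `knative-eventing` follows directly after this ClusterRole; if the webhook only needs Secrets in its own namespace, the rule belongs there, applied as a kustomize patch because this file is synced from upstream. Whether cluster-wide access is actually required cannot be determined from the hunk.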
@@ -4649,7 +5710,7 @@ metadata:
namespace: knative-eventing
name: knative-eventing-webhook
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -4669,7 +5730,7 @@ kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.eventing.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
@@ -4682,6 +5743,9 @@ webhooks:
name: config.webhook.eventing.knative.dev
namespaceSelector:
matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: In
+ values: ["knative-eventing"]
timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
@@ -4689,7 +5753,7 @@ kind: MutatingWebhookConfiguration
metadata:
name: webhook.eventing.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
@@ -4707,7 +5771,7 @@ kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.eventing.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
@@ -4726,7 +5790,7 @@ metadata:
name: eventing-webhook-certs
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: admissionregistration.k8s.io/v1
@@ -4734,7 +5798,7 @@ kind: MutatingWebhookConfiguration
metadata:
name: sinkbindings.webhook.sources.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
diff --git a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml
index aee529742d..f1af1b4b73 100644
--- a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml
+++ b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml
@@ -4,7 +4,7 @@ metadata:
name: imc-controller
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -12,7 +12,7 @@ kind: ClusterRoleBinding
metadata:
name: imc-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -29,7 +29,7 @@ metadata:
namespace: knative-eventing
name: imc-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -45,7 +45,7 @@ kind: ClusterRoleBinding
metadata:
name: imc-controller-resolver
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -62,7 +62,7 @@ metadata:
name: imc-dispatcher
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -70,7 +70,7 @@ kind: ClusterRoleBinding
metadata:
name: imc-dispatcher
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -117,7 +117,7 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: imc-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
data:
MaxIdleConnections: "1000"
@@ -131,8 +131,9 @@ metadata:
labels:
knative.dev/high-availability: "true"
app.kubernetes.io/component: imc-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -144,7 +145,7 @@ spec:
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: controller
app.kubernetes.io/component: imc-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -161,7 +162,7 @@ spec:
enableServiceLinks: false
containers:
- name: controller
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:5386029f1fdcce1398dcca436864051a2f7eb5abed176453104f41b7b9b587f9
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:c4a1ea7b53b8e9084b99e41d8558e094cacd6f3c1b59d3a0f37993d53a36020f
env:
- name: WEBHOOK_NAME
value: inmemorychannel-webhook
@@ -178,7 +179,7 @@ spec:
fieldRef:
fieldPath: metadata.namespace
- name: DISPATCHER_IMAGE
- value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:fa64db1ad126874f4e5ce1c17c2414b0fc3dde2a7e0db6fde939cafdbd4d96cd
+ value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:5bdef6a2eba6e4958ddda765b5d1f38ba390324cfb2aed1846b7ec58b53022a6
- name: POD_NAME
valueFrom:
fieldRef:
@@ -223,7 +224,7 @@ kind: Service
metadata:
labels:
app.kubernetes.io/component: imc-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: inmemorychannel-webhook
namespace: knative-eventing
@@ -251,7 +252,7 @@ metadata:
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: dispatcher
app.kubernetes.io/component: imc-dispatcher
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
selector:
@@ -278,8 +279,9 @@ metadata:
labels:
knative.dev/high-availability: "true"
app.kubernetes.io/component: imc-dispatcher
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -291,7 +293,7 @@ spec:
messaging.knative.dev/channel: in-memory-channel
messaging.knative.dev/role: dispatcher
app.kubernetes.io/component: imc-dispatcher
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -308,7 +310,7 @@ spec:
enableServiceLinks: false
containers:
- name: dispatcher
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:fa64db1ad126874f4e5ce1c17c2414b0fc3dde2a7e0db6fde939cafdbd4d96cd
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:5bdef6a2eba6e4958ddda765b5d1f38ba390324cfb2aed1846b7ec58b53022a6
readinessProbe:
failureThreshold: 3
httpGet:
@@ -376,7 +378,7 @@ metadata:
knative.dev/crd-install: "true"
messaging.knative.dev/subscribable: "true"
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
group: messaging.knative.dev
@@ -432,7 +434,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -482,7 +484,7 @@ spec:
description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink.
type: string
audience:
- description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence.
+ description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience.
type: string
retry:
description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.
@@ -493,6 +495,12 @@ spec:
description: Generation of the origin of the subscriber with uid:UID.
type: integer
format: int64
+ name:
+ description: The name of the subscription
+ type: string
+ namespace:
+ description: The namespace of the subscription
+ type: string
replyUri:
description: ReplyURI is the endpoint for the reply
type: string
@@ -514,6 +522,18 @@ spec:
uid:
description: UID is used to understand the origin of the subscriber.
type: string
+ auth:
+ description: Auth provides the relevant information for OIDC authentication.
+ type: object
+ properties:
+ serviceAccountName:
+ description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
+ type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
@@ -548,6 +568,18 @@ spec:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
x-kubernetes-preserve-unknown-fields: true
+ policies:
+ description: List of applied EventPolicies
+ type: array
+ items:
+ type: object
+ properties:
+ apiVersion:
+ description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource.
+ type: string
+ name:
+ description: The name of the applied EventPolicy
+ type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
@@ -597,6 +629,9 @@ spec:
deadLetterSinkCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
+ deadLetterSinkAudience:
+ description: OIDC audience of the dead letter sink.
+ type: string
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
@@ -627,6 +662,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
+ serviceAccountNames:
+ description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
+ type: array
+ items:
+ type: string
additionalPrinterColumns:
- name: URL
type: string
@@ -659,7 +699,7 @@ metadata:
name: imc-addressable-resolver
labels:
duck.knative.dev/addressable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -678,7 +718,7 @@ metadata:
name: imc-channelable-manipulator
labels:
duck.knative.dev/channelable: "true"
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -700,7 +740,7 @@ kind: ClusterRole
metadata:
name: imc-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -713,6 +753,7 @@ rules:
- list
- watch
- update
+ - knsubscribe
- apiGroups:
- messaging.knative.dev
resources:
@@ -727,6 +768,14 @@ rules:
- inmemorychannels
verbs:
- patch
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - eventpolicies
+ verbs:
+ - get
+ - list
+ - watch
- apiGroups:
- ""
resources:
@@ -836,10 +885,26 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+metadata:
+ name: imc-subscriber
+ labels:
+ duck.knative.dev/crossnamespace-subscribable: "true"
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
+rules:
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - inmemorychannels
+ verbs:
+ - knsubscribe
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
metadata:
name: imc-dispatcher
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -866,6 +931,12 @@ rules:
verbs:
- create
- patch
+ - apiGroups:
+ - ""
+ resources:
+ - "serviceaccounts/token"
+ verbs:
+ - create
- apiGroups:
- messaging.knative.dev
resources:
@@ -889,11 +960,17 @@ rules:
- eventing.knative.dev
resources:
- eventtypes
+ - eventpolicies
verbs:
- - create
- get
- list
- watch
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - eventtypes
+ verbs:
+ - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -901,7 +978,7 @@ metadata:
namespace: knative-eventing
name: knative-inmemorychannel-webhook
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -921,7 +998,7 @@ kind: MutatingWebhookConfiguration
metadata:
name: inmemorychannel.eventing.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1"]
@@ -939,7 +1016,7 @@ kind: ValidatingWebhookConfiguration
metadata:
name: validation.inmemorychannel.eventing.knative.dev
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
webhooks:
- admissionReviewVersions: ["v1"]
@@ -958,7 +1035,7 @@ metadata:
name: inmemorychannel-webhook-certs
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
diff --git a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml
index 94fddb06a4..31128dfe86 100644
--- a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml
+++ b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml
@@ -3,7 +3,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-mt-channel-broker-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -24,20 +24,37 @@ rules:
- "delete"
- "patch"
- "watch"
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - brokers
+ verbs:
+ - "knsubscribe"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knative-eventing-mt-broker-filter
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
- eventing.knative.dev
resources:
+ - brokers
+ - brokers/status
- triggers
- triggers/status
+ - eventpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - subscriptions
verbs:
- get
- list
@@ -50,6 +67,21 @@ rules:
- get
- list
- watch
+ - apiGroups:
+ - ""
+ resources:
+ - "serviceaccounts/token"
+ verbs:
+ - create
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "eventtypes"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -72,7 +104,7 @@ metadata:
name: mt-broker-filter
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -80,7 +112,7 @@ kind: ClusterRole
metadata:
name: knative-eventing-mt-broker-ingress
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
rules:
- apiGroups:
@@ -96,6 +128,7 @@ rules:
- eventing.knative.dev
resources:
- brokers
+ - eventpolicies
verbs:
- get
- list
@@ -123,6 +156,23 @@ rules:
- get
- list
- watch
+ - apiGroups:
+ - ""
+ resources:
+ - "serviceaccounts/token"
+ resourceNames:
+ - "mt-broker-ingress-oidc"
+ verbs:
+ - create
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: mt-broker-ingress-oidc
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: "1.16.1"
+ app.kubernetes.io/name: knative-eventing
---
apiVersion: v1
kind: ServiceAccount
@@ -130,7 +180,7 @@ metadata:
name: mt-broker-ingress
namespace: knative-eventing
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -138,7 +188,7 @@ kind: ClusterRoleBinding
metadata:
name: eventing-mt-channel-broker-controller
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -154,7 +204,7 @@ kind: ClusterRoleBinding
metadata:
name: knative-eventing-mt-broker-filter
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -184,7 +234,7 @@ kind: ClusterRoleBinding
metadata:
name: knative-eventing-mt-broker-ingress
labels:
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
subjects:
- kind: ServiceAccount
@@ -216,8 +266,9 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: broker-filter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -227,7 +278,7 @@ spec:
labels:
eventing.knative.dev/brokerRole: filter
app.kubernetes.io/component: broker-filter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
serviceAccountName: mt-broker-filter
@@ -235,7 +286,7 @@ spec:
containers:
- name: filter
terminationMessagePolicy: FallbackToLogsOnError
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:4e3cf0703024129c60b66529f41a1d29310f61f6aced24d25fd241e43b1a2e8e
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:3fe93eca5e162e2a594911dd5ea32f9c5b0573c8725d151d21d9b773ab8fde78
readinessProbe:
failureThreshold: 3
httpGet:
@@ -313,7 +364,7 @@ metadata:
labels:
eventing.knative.dev/brokerRole: filter
app.kubernetes.io/component: broker-filter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: broker-filter
namespace: knative-eventing
@@ -341,8 +392,9 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: broker-ingress
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -352,7 +404,7 @@ spec:
labels:
eventing.knative.dev/brokerRole: ingress
app.kubernetes.io/component: broker-ingress
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
serviceAccountName: mt-broker-ingress
@@ -360,7 +412,7 @@ spec:
containers:
- name: ingress
terminationMessagePolicy: FallbackToLogsOnError
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:65412cf797d0bb7c7e22454431f57f8d9dcedf93620769f4c1206947acf05abb
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:e40b14c0238385afc13ecb408800a2ea2550835ef2a7627beb98fc04ed131cc8
readinessProbe:
failureThreshold: 3
httpGet:
@@ -438,7 +490,7 @@ metadata:
labels:
eventing.knative.dev/brokerRole: ingress
app.kubernetes.io/component: broker-ingress
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
name: broker-ingress
namespace: knative-eventing
@@ -466,8 +518,9 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: mt-broker-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
+ bindings.knative.dev/exclude: "true"
spec:
selector:
matchLabels:
@@ -477,7 +530,7 @@ spec:
labels:
app: mt-broker-controller
app.kubernetes.io/component: broker-controller
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
affinity:
@@ -494,7 +547,7 @@ spec:
containers:
- name: mt-broker-controller
terminationMessagePolicy: FallbackToLogsOnError
- image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:9dc9e0b00325f1ec994ef6f48761ba7d9217333fa0c2cbfccfa9b204e3f616a9
+ image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:f76d14e43d6e907e8f50d2ebcc61cd2f14e9aa9a45f9936d1e4ae47532ad4fb4
resources:
requests:
cpu: 100m
@@ -536,7 +589,7 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: broker-ingress
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
scaleTargetRef:
@@ -560,7 +613,7 @@ metadata:
namespace: knative-eventing
labels:
app.kubernetes.io/component: broker-filter
- app.kubernetes.io/version: "1.12.6"
+ app.kubernetes.io/version: "1.16.1"
app.kubernetes.io/name: knative-eventing
spec:
scaleTargetRef:
diff --git a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml
index aa50b92583..f88f8aa19e 100644
--- a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml
+++ b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml
@@ -7,45 +7,44 @@ metadata:
app: storage-version-migration-serving
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: storage-version-migration-job
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
name: storage-version-migration-serving
spec:
ttlSecondsAfterFinished: 600
backoffLimit: 10
template:
metadata:
- annotations:
- sidecar.istio.io/inject: "false"
labels:
app: storage-version-migration-serving
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: storage-version-migration-job
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
+ sidecar.istio.io/inject: "false"
spec:
serviceAccountName: controller
restartPolicy: OnFailure
containers:
- - name: migrate
- image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:232d6ffd88dfc0d0ec02c6f3a95520283d076c16b77543cee04f4ef276e0b7ae
- args:
- - "services.serving.knative.dev"
- - "configurations.serving.knative.dev"
- - "revisions.serving.knative.dev"
- - "routes.serving.knative.dev"
- - "domainmappings.serving.knative.dev"
- resources:
- requests:
- cpu: 100m
- memory: 100Mi
- limits:
- cpu: 1000m
- memory: 1000Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: RuntimeDefault
+ - name: migrate
+ image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:c2f7830569ab0b9f40ba785796d7a1d3e2069987528f5ca945ab7a339b0d96e7
+ args:
+ - "services.serving.knative.dev"
+ - "configurations.serving.knative.dev"
+ - "revisions.serving.knative.dev"
+ - "routes.serving.knative.dev"
+ - "domainmappings.serving.knative.dev"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 1000Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/common/knative/knative-serving/base/upstream/net-istio.yaml b/common/knative/knative-serving/base/upstream/net-istio.yaml
index cebf3fea5f..e5f8874b50 100644
--- a/common/knative/knative-serving/base/upstream/net-istio.yaml
+++ b/common/knative/knative-serving/base/upstream/net-istio.yaml
@@ -5,7 +5,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
serving.knative.dev/controller: "true"
networking.knative.dev/ingress-provider: istio
rules:
@@ -21,7 +21,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -42,7 +42,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -63,7 +63,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
experimental.istio.io/disable-gateway-port-translation: "true"
spec:
@@ -74,6 +74,9 @@ spec:
- name: http2
port: 80
targetPort: 8081
+ - name: https
+ port: 443
+ targetPort: 8444
---
apiVersion: v1
kind: ConfigMap
@@ -83,7 +86,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
data:
_example: |
@@ -102,27 +105,83 @@ data:
# this example block and unindented to be in the data block
# to actually change the configuration.
- # A gateway and Istio service to serve external traffic.
- # The configuration format should be
- # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`.
- # The {{gateway_namespace}} is optional; when it is omitted, the system will search for
- # the gateway in the serving system namespace `knative-serving`
+
+ # external-gateways defines a gateway and Istio service to serve external traffic.
+ # It is the new and preferred way to define the configuration.
+ # The format is as follow:
+ # ```
+ # external-gateways: |
+ # - name: {{gateway_name}}
+ # namespace: {{gateway_namespace}}
+ # service: {{ingress_name}}.{{ingress_namespace}}.svc.cluster.local
+ # labelSelector:
+ # matchExpressions:
+ # - key: {{label_key}}
+ # operator: {{operator}}
+ # values: [{{label_value}}]
+ # matchLabels:
+ # {{label_key}}: {{label_value}}
+ # ```
+ # name, namespace & service are mandatory and can't be empty. labelSelector is optional.
+ # If labelSelector is specified, the external gateway will be used by the knative service with matching labels.
+ # See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details about labelSelector.
+ # Only one external gateway can be specified without a selector. It will act as the default external gateway.
+ external-gateways: |
+ - name: knative-ingress-gateway
+ namespace: knative-serving
+ service: istio-ingressgateway.istio-system.svc.cluster.local
+ #
+ #
+ # The old format has the following pattern:
+ # ```
+ # gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"
+ # ```
+ # Please use the new configuration format `external-gateways` for future compatibility.
+ # This configuration will raise an error if either `external-gateways` or `local-gateways` is defined.
gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
- # A cluster local gateway to allow pods outside of the mesh to access
- # Services and Routes not exposing through an ingress. If the users
+
+ # local-gateways defines a cluster local gateway to allow pods outside of the mesh to access
+ # Services and Routes not exposing through an ingress. If the users
# do have a service mesh setup, this isn't required and can be removed.
#
# An example use case is when users want to use Istio without any
- # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod
- # is outside of the service mesh in that case, a cluster-local service
+ # sidecar injection (like Knative's istio-ci-no-mesh.yaml). Since every pod
+ # is outside of the service mesh in that case, a cluster-local service
# will need to be exposed to a cluster-local gateway to be accessible.
- # The configuration format should be `local-gateway.{{local_gateway_namespace}}.
- # {{local_gateway_name}}: "{{cluster_local_gateway_name}}.
- # {{cluster_local_gateway_namespace}}.svc.cluster.local"`. The
- # {{local_gateway_namespace}} is optional; when it is omitted, the system
- # will search for the local gateway in the serving system namespace
- # `knative-serving`
+ #
+ # It is the new and preferred way to define the configuration.
+ # The format is as follow:
+ # ```
+ # local-gateways: |
+ # - name: {{local_gateway_name}}
+ # namespace: {{local_gateway_namespace}}
+ # service: {{cluster_local_gateway_name}}.{{cluster_local_gateway_namespace}}.svc.cluster.local
+ # labelSelector:
+ # matchExpressions:
+ # - key: {{label_key}}
+ # operator: {{operator}}
+ # values: [{{label_value}}]
+ # matchLabels:
+ # {{label_key}}: {{label_value}}
+ # ```
+ # name, namespace & service are mandatory and can't be empty. labelSelector is optional.
+ # If labelSelector is specified, the local gateway will be used by the knative service with matching labels.
+ # See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details about labelSelector.
+ # Only one local gateway can be specified without a selector. It will act as the default local gateway.
+ local-gateways: |
+ - name: knative-local-gateway
+ namespace: knative-serving
+ service: knative-local-gateway.istio-system.svc.cluster.local
+ #
+ #
+ # The old format has the following pattern:
+ # ```
+ # local-gateway.{{local_gateway_namespace}}.{{local_gateway_name}}:
+ # "{{cluster_local_gateway_name}}.{{cluster_local_gateway_namespace}}.svc.cluster.local"
+ # ```
+ # Please use the new configuration format `local-gateways` for future compatibility.
+ # This configuration will raise an error if either `external-gateways` or `local-gateways` is defined.
local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local"
---
apiVersion: "security.istio.io/v1beta1"
@@ -133,7 +192,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -151,7 +210,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -169,7 +228,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -177,18 +236,17 @@ spec:
app: net-istio-controller
template:
metadata:
- annotations:
- sidecar.istio.io/inject: "false"
labels:
+ sidecar.istio.io/inject: "false"
app: net-istio-controller
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
spec:
serviceAccountName: controller
containers:
- name: controller
- image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:5782b4a6b1a106d7cafe77d044b30905a9fecbbd2e0029946cb8a4b3507b40a4
+ image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:e70bc675f97778da144157f125b3001124ba7a5903b85dab9e77776352fea1c7
resources:
requests:
cpu: 30m
@@ -248,7 +306,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
@@ -262,12 +320,12 @@ spec:
role: net-istio-webhook
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
spec:
serviceAccountName: controller
containers:
- name: webhook
- image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:eeff0ad31550f3ff519d988bb36bfe214e5b60c1ec4349c1f9bb2b2d8cad9479
+ image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:7d76a6d42d139ed53aae3ca2dfd600b1c776eb85a17af64dd1b604176a4b132a
resources:
requests:
cpu: 20m
@@ -303,18 +361,12 @@ spec:
httpGet:
scheme: HTTPS
port: 8443
- httpHeaders:
- - name: k-kubelet-probe
- value: "webhook"
failureThreshold: 3
livenessProbe:
- periodSeconds: 1
+ periodSeconds: 10
httpGet:
scheme: HTTPS
port: 8443
- httpHeaders:
- - name: k-kubelet-probe
- value: "webhook"
failureThreshold: 6
initialDelaySeconds: 20
ports:
@@ -333,7 +385,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
---
apiVersion: v1
@@ -345,7 +397,7 @@ metadata:
role: net-istio-webhook
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
spec:
ports:
@@ -368,7 +420,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
@@ -392,7 +444,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.3"
+ app.kubernetes.io/version: "1.16.0"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
@@ -410,13 +462,4 @@ webhooks:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: net-istio
---
-apiVersion: v1
-kind: Secret
-metadata:
- name: routing-serving-certs
- namespace: istio-system
- labels:
- serving-certs-ctrl: "data-plane-routing"
- networking.internal.knative.dev/certificate-uid: "serving-certs"
----
diff --git a/common/knative/knative-serving/base/upstream/serving-core.yaml b/common/knative/knative-serving/base/upstream/serving-core.yaml
index be638c4621..7130b5cb27 100644
--- a/common/knative/knative-serving/base/upstream/serving-core.yaml
+++ b/common/knative/knative-serving/base/upstream/serving-core.yaml
@@ -4,7 +4,7 @@ metadata:
name: knative-serving
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
@@ -13,7 +13,7 @@ metadata:
namespace: knative-serving
labels:
serving.knative.dev/controller: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: [""]
@@ -30,7 +30,7 @@ metadata:
name: knative-serving-activator-cluster
labels:
serving.knative.dev/controller: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: [""]
@@ -45,7 +45,7 @@ kind: ClusterRole
metadata:
name: knative-serving-aggregated-addressable-resolver
labels:
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
aggregationRule:
clusterRoleSelectors:
@@ -57,7 +57,7 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: knative-serving-addressable-resolver
labels:
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
duck.knative.dev/addressable: "true"
rules:
@@ -79,7 +79,7 @@ metadata:
name: knative-serving-namespaced-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: ["serving.knative.dev"]
@@ -95,7 +95,7 @@ metadata:
name: knative-serving-namespaced-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: ["serving.knative.dev"]
@@ -111,7 +111,7 @@ metadata:
name: knative-serving-namespaced-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
@@ -124,7 +124,7 @@ metadata:
name: knative-serving-core
labels:
serving.knative.dev/controller: "true"
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: [""]
@@ -157,13 +157,23 @@ rules:
- apiGroups: ["caching.internal.knative.dev"]
resources: ["images"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "clusterissuers", "certificaterequests", "issuers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles"]
+ verbs: ["delete"]
+ resourceNames: ["knative-serving-certmanager"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: knative-serving-podspecable-binding
labels:
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
duck.knative.dev/podspecable: "true"
rules:
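Review bot: The three rules added under `rules:` give this ClusterRole (apparently `knative-serving-core`, whose header is outside the hunk) create/update/delete/patch on `certificates`, `issuers`, `clusterissuers`, `certificaterequests` and `challenges` in every namespace, whether or not the cluster uses Knative's cert-manager integration. Write access to `clusterissuers` in particular lets whichever service account this role is bound to change how certificates are issued cluster-wide, so it is worth confirming that this is needed. Because this file is synced from upstream, the narrowing belongs in a kustomize patch rather than here: either drop the two cert-manager rules when the integration is off, or, if the controller only references existing issuers (to be confirmed against upstream), reduce the issuer resources to `verbs: ["get", "list", "watch"]`. The `delete` rule is already scoped with `resourceNames: ["knative-serving-certmanager"]`, which is the right pattern.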
@@ -185,7 +195,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -193,7 +203,7 @@ metadata:
name: knative-serving-admin
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
aggregationRule:
clusterRoleSelectors:
- matchLabels:
@@ -206,7 +216,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
subjects:
- kind: ServiceAccount
name: controller
@@ -223,7 +233,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
subjects:
- kind: ServiceAccount
name: controller
@@ -241,7 +251,7 @@ metadata:
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
@@ -251,7 +261,7 @@ metadata:
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
subjects:
- kind: ServiceAccount
name: activator
@@ -268,7 +278,7 @@ metadata:
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
subjects:
- kind: ServiceAccount
name: activator
@@ -284,7 +294,7 @@ metadata:
name: images.caching.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: caching.internal.knative.dev
@@ -304,14 +314,25 @@ spec:
status: {}
schema:
openAPIV3Schema:
- description: Image is a Knative abstraction that encapsulates the interface by which Knative components express a desire to have a particular image cached.
+ description: |-
+ Image is a Knative abstraction that encapsulates the interface by which Knative
+ components express a desire to have a particular image cached.
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -325,25 +346,45 @@ spec:
description: Image is the name of the container image url to cache across the cluster.
type: string
imagePullSecrets:
- description: ImagePullSecrets contains the names of the Kubernetes Secrets containing login information used by the Pods which will run this container.
+ description: |-
+ ImagePullSecrets contains the names of the Kubernetes Secrets containing login
+ information used by the Pods which will run this container.
type: array
items:
- description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
x-kubernetes-map-type: atomic
serviceAccountName:
- description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods will run this container. This is potentially used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
+ description: |-
+ ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods
+ will run this container. This is potentially used to authenticate the image pull
+ if the service account has attached pull secrets. For more information:
+ https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
type: string
status:
description: Status communicates the observed state of the Image (from the controller).
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -351,14 +392,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -367,7 +413,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -376,7 +424,9 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
additionalPrinterColumns:
@@ -384,6 +434,21 @@ spec:
type: string
jsonPath: .spec.image
---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Certificate
+metadata:
+ annotations:
+ networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev
+ labels:
+ networking.knative.dev/certificate-type: system-internal
+ name: routing-serving-certs
+ namespace: knative-serving
+spec:
+ dnsNames:
+ - kn-routing
+ - data-plane.knative.dev
+ secretName: routing-serving-certs
+---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
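Review bot: The new `Certificate` object sits ahead of the CustomResourceDefinition that follows it in this file, which from the next hunk looks like the `networking.internal.knative.dev` Certificate CRD, so a single-pass apply on a fresh cluster can reject it until that CRD is established. It also only yields the `routing-serving-certs` Secret if something reconciles the `cert-manager.certificate.networking.knative.dev` class, while the same commit deletes the placeholder Secret of that name from `istio-system` in the previous file; anything still mounting the old Secret should be checked. I would record the dependency where the install order is defined, e.g. `# needs cert-manager and the Knative CRDs established before serving-core is applied`.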
@@ -391,7 +456,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
@@ -403,26 +468,42 @@ spec:
status: {}
schema:
openAPIV3Schema:
- description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate).
+ description: |-
+ Certificate is responsible for provisioning a SSL certificate for the
+ given hosts. It is a Knative abstraction for various SSL certificate
+ provisioning solutions (such as cert-manager or self-signed SSL certificate).
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Spec is the desired state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- dnsNames
- secretName
properties:
dnsNames:
- description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
+ description: |-
+ DNSNames is a list of DNS names the Certificate could support.
+ The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
type: array
items:
type: string
@@ -433,11 +514,17 @@ spec:
description: SecretName is the name of the secret resource to store the SSL certificate in.
type: string
status:
- description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Status is the current state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -445,14 +532,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -461,7 +553,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -470,10 +564,14 @@ spec:
description: Type of condition.
type: string
http01Challenges:
- description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate..
+ description: |-
+ HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled
+ in order to get the TLS certificate..
type: array
items:
- description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill.
+ description: |-
+ HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs
+ to fulfill.
type: object
properties:
serviceName:
@@ -492,11 +590,15 @@ spec:
description: URL is the URL that the HTTP01 challenge is expected to serve on.
type: string
notAfter:
- description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName.
+ description: |-
+ The expiration time of the TLS certificate stored in the secret named
+ by this resource in spec.secretName.
type: string
format: date-time
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
additionalPrinterColumns:
@@ -523,7 +625,7 @@ metadata:
name: configurations.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
duck.knative.dev/podspecable: "true"
spec:
@@ -561,14 +663,28 @@ spec:
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
- description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration'
+ description: |-
+ Configuration represents the "floating HEAD" of a linear history of Revisions.
+ Users create new Revisions by updating the Configuration's spec.
+ The "latest created" revision's name is available under status, as is the
+ "latest ready" revision's name.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -614,28 +730,56 @@ spec:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
- description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
type: integer
format: int64
containers:
- description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
- description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
command:
- description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
env:
- description: List of environment variables to set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
@@ -647,7 +791,16 @@ spec:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
@@ -663,8 +816,16 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
@@ -689,14 +850,31 @@ spec:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
envFrom:
- description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps
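Review bot: The `x-kubernetes-list-map-keys: [name]` and `x-kubernetes-list-type: map` lines added near the end of this hunk change validation, not only merge behaviour. They appear to sit on the container `env` array, though the indentation is lost in this view. For custom resources the API server enforces key uniqueness on list-type `map`, so an object that repeats an env `name` and was accepted under the old schema would presumably be rejected on create or update once this CRD is applied. The schema looks generated by controller-gen, so the fix belongs in the upgrade notes rather than in this file, for example `Custom resources that repeat an env name are rejected after this CRD update; deduplicate env entries before upgrading`. Checking existing objects for duplicate env names before rollout would confirm whether anything is affected.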
@@ -707,8 +885,16 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
@@ -721,20 +907,42 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
image:
- description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
- description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -742,12 +950,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -761,14 +977,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -781,25 +1004,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -807,7 +1040,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -818,20 +1053,36 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
- description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
ports:
- description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
@@ -840,14 +1091,21 @@ spec:
- containerPort
properties:
containerPort:
- description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
- description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
@@ -855,7 +1113,11 @@ spec:
- protocol
x-kubernetes-list-type: map
readinessProbe:
- description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -863,12 +1125,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -882,14 +1152,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -902,25 +1179,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -928,7 +1215,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -939,21 +1228,39 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
- description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
- description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -962,13 +1269,18 @@ spec:
- name
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
- description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -977,7 +1289,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
requests:
- description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -986,14 +1302,27 @@ spec:
- type: string
x-kubernetes-int-or-string: true
securityContext:
- description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
@@ -1002,46 +1331,232 @@ spec:
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
- description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
- description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
- description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
- description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ type: object
+ required:
+ - port
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
volumeMounts:
- description: Pod volumes to mount into the container's filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
@@ -1051,19 +1566,32 @@ spec:
- name
properties:
mountPath:
- description: Path within the container at which the volume should be mounted. Must not contain ':'.
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
- description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
subPath:
- description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
workingDir:
- description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
@@ -1082,23 +1610,67 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostNetwork:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostPID:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
- description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided.
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
- description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
initContainers:
- description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
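Review bot: The new `hostIPC`, `hostNetwork` and `hostPID` properties in this hunk make host-namespace sharing expressible in the pod spec, and the schema does not restrict them. The only gate visible here is the feature flag named in each description (`kubernetes.podspec-hostipc`, `kubernetes.podspec-hostnetwork`, `kubernetes.podspec-hostpid`). This looks like a generated upstream CRD, so I would not hand-edit it, but the change description should confirm that these flags stay disabled in this distribution's Knative feature configuration and that pod security policy on tenant namespaces still rejects host namespaces; neither is visible in this diff. Separately, `x-kubernetes-preserve-unknown-fields: true` next to `type: boolean` appears to have no effect on a scalar (the existing `shareProcessNamespace` entry has the same pattern), which is better reported upstream than patched locally. The enclosing pod-spec schema starts and ends outside this hunk.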
@@ -1114,7 +1686,10 @@ spec:
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
- description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic.
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
type: integer
format: int64
runtimeClassName:
@@ -1130,14 +1705,19 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
- description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
- description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided.
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
type: integer
format: int64
tolerations:
@@ -1147,6 +1727,7 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
@@ -1155,7 +1736,9 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
- description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
@@ -1168,11 +1751,25 @@ spec:
type: object
properties:
defaultMode:
- description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -1185,15 +1782,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -1203,7 +1819,10 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
name:
- description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
@@ -1214,7 +1833,13 @@ spec:
type: object
properties:
defaultMode:
- description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
@@ -1229,7 +1854,14 @@ spec:
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -1242,15 +1874,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -1269,7 +1920,7 @@ spec:
- path
properties:
fieldRef:
- description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
@@ -1282,14 +1933,22 @@ spec:
type: string
x-kubernetes-map-type: atomic
mode:
- description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
- description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
@@ -1308,12 +1967,20 @@ spec:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -1326,15 +1993,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
@@ -1346,25 +2032,54 @@ spec:
- path
properties:
audience:
- description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
type: string
expirationSeconds:
- description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
type: integer
format: int64
path:
- description: path is the path relative to the mount point of the file to project the token into.
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
type: string
+ x-kubernetes-list-type: atomic
secret:
- description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
- description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -1377,24 +2092,44 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
- description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
status:
description: ConfigurationStatus communicates the observed state of the Configuration (from the controller).
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -1402,14 +2137,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -1418,7 +2158,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -1427,13 +2169,19 @@ spec:
description: Type of condition.
type: string
latestCreatedRevisionName:
- description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
type: string
latestReadyRevisionName:
- description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True".
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
---
@@ -1444,7 +2192,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
@@ -1460,21 +2208,34 @@ spec:
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Spec is the desired state of the ClusterDomainClaim.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- namespace
properties:
namespace:
- description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name.
+ description: |-
+ Namespace is the namespace which is allowed to create a DomainMapping
+ using this ClusterDomainClaim's name.
type: string
names:
kind: ClusterDomainClaim
@@ -1493,7 +2254,7 @@ metadata:
name: domainmappings.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: serving.knative.dev
@@ -1519,21 +2280,43 @@ spec:
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Spec is the desired state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- ref
properties:
ref:
- description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services."
+ description: |-
+ Ref specifies the target of the Domain Mapping.
+
+
+ The object identified by the Ref must be an Addressable with a URL of the
+ form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain,
+ and `{name}` and `{namespace}` are the name and namespace of a Kubernetes
+ Service.
+
+
+ This contract is satisfied by Knative types such as Knative Services and
+ Knative Routes, and by Kubernetes Services.
type: object
required:
- kind
@@ -1546,16 +2329,25 @@ spec:
description: API version of the referent.
type: string
group:
- description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086'
+ description: |-
+ Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup.
+ Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086
type: string
kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
- description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ This is optional field, it gets defaulted to the object holding it if left out.
type: string
tls:
description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
@@ -1567,7 +2359,9 @@ spec:
description: SecretName is the name of the existing secret used to terminate TLS traffic.
type: string
status:
- description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Status is the current state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
address:
@@ -1575,7 +2369,9 @@ spec:
type: object
properties:
CACerts:
- description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
@@ -1586,7 +2382,11 @@ spec:
url:
type: string
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -1594,14 +2394,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -1610,7 +2415,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -1619,7 +2426,9 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
url:
@@ -1644,7 +2453,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
@@ -1656,61 +2465,116 @@ spec:
status: {}
schema:
openAPIV3Schema:
- description: "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable URLs, load balance traffic, offer name based virtual hosting, etc. \n This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress which some highlighted modifications."
+ description: |-
+ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined
+ by a backend. An Ingress can be configured to give services externally-reachable URLs, load
+ balance traffic, offer name based virtual hosting, etc.
+
+
+ This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress
+ which some highlighted modifications.
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: 'Spec is the desired state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Spec is the desired state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
httpOption:
- description: 'HTTPOption is the option of HTTP. It has the following two values: `HTTPOptionEnabled`, `HTTPOptionRedirected`'
+ description: |-
+ HTTPOption is the option of HTTP. It has the following two values:
+ `HTTPOptionEnabled`, `HTTPOptionRedirected`
type: string
rules:
description: A list of host rules used to configure the Ingress.
type: array
items:
- description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
+ description: |-
+ IngressRule represents the rules mapping the paths under a specified host to
+ the related backend services. Incoming requests are first evaluated for a host
+ match, then routed to the backend associated with the matching IngressRuleValue.
type: object
properties:
hosts:
- description: 'Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently a rule value can only apply to the IP in the Spec of the parent . 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. If multiple matching Hosts were provided, the first rule will take precedent.'
+ description: |-
+ Host is the fully qualified domain name of a network host, as defined
+ by RFC 3986. Note the following deviations from the "host" part of the
+ URI as defined in the RFC:
+ 1. IPs are not allowed. Currently a rule value can only apply to the
+ IP in the Spec of the parent .
+ 2. The `:` delimiter is not respected because ports are not allowed.
+ Currently the port of an Ingress is implicitly :80 for http and
+ :443 for https.
+ Both these may change in the future.
+ If the host is unspecified, the Ingress routes all traffic based on the
+ specified IngressRuleValue.
+ If multiple matching Hosts were provided, the first rule will take precedent.
type: array
items:
type: string
http:
- description: HTTP represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend.
+ description: |-
+ HTTP represents a rule to apply against incoming requests. If the
+ rule is satisfied, the request is routed to the specified backend.
type: object
required:
- paths
properties:
paths:
- description: "A collection of paths that map requests to backends. \n If they are multiple matching paths, the first match takes precedence."
+ description: |-
+ A collection of paths that map requests to backends.
+
+
+ If they are multiple matching paths, the first match takes precedence.
type: array
items:
- description: HTTPIngressPath associates a path regex with a backend. Incoming URLs matching the path are forwarded to the backend.
+ description: |-
+ HTTPIngressPath associates a path regex with a backend. Incoming URLs matching
+ the path are forwarded to the backend.
type: object
required:
- splits
properties:
appendHeaders:
- description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending."
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
type: object
additionalProperties:
type: string
headers:
- description: Headers defines header matching rules which is a map from a header name to HeaderMatch which specify a matching condition. When a request matched with all the header matching rules, the request is routed by the corresponding ingress rule. If it is empty, the headers are not used for matching
+ description: |-
+ Headers defines header matching rules which is a map from a header name
+ to HeaderMatch which specify a matching condition.
+ When a request matched with all the header matching rules,
+ the request is routed by the corresponding ingress rule.
+ If it is empty, the headers are not used for matching
type: object
additionalProperties:
- description: HeaderMatch represents a matching value of Headers in HTTPIngressPath. Currently, only the exact matching is supported.
+ description: |-
+ HeaderMatch represents a matching value of Headers in HTTPIngressPath.
+ Currently, only the exact matching is supported.
type: object
required:
- exact
@@ -1718,13 +2582,25 @@ spec:
exact:
type: string
path:
- description: Path represents a literal prefix to which this rule should apply. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.
+ description: |-
+ Path represents a literal prefix to which this rule should apply.
+ Currently it can contain characters disallowed from the conventional
+ "path" part of a URL as defined by RFC 3986. Paths must begin with
+ a '/'. If unspecified, the path defaults to a catch all sending
+ traffic to the backend.
type: string
rewriteHost:
- description: "RewriteHost rewrites the incoming request's host header. \n This field is currently experimental and not supported by all Ingress implementations."
+ description: |-
+ RewriteHost rewrites the incoming request's host header.
+
+
+ This field is currently experimental and not supported by all Ingress
+ implementations.
type: string
splits:
- description: Splits defines the referenced service endpoints to which the traffic will be forwarded to.
+ description: |-
+ Splits defines the referenced service endpoints to which the traffic
+ will be forwarded to.
type: array
items:
description: IngressBackendSplit describes all endpoints for a given service and port.
@@ -1735,18 +2611,32 @@ spec:
- servicePort
properties:
appendHeaders:
- description: "AppendHeaders allow specifying additional HTTP headers to add before forwarding a request to the destination service. \n NOTE: This differs from K8s Ingress which doesn't allow header appending."
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
type: object
additionalProperties:
type: string
percent:
- description: "Specifies the split percentage, a number between 0 and 100. If only one split is specified, we default to 100. \n NOTE: This differs from K8s Ingress to allow percentage split."
+ description: |-
+ Specifies the split percentage, a number between 0 and 100. If
+ only one split is specified, we default to 100.
+
+
+ NOTE: This differs from K8s Ingress to allow percentage split.
type: integer
serviceName:
description: Specifies the name of the referenced service.
type: string
serviceNamespace:
- description: "Specifies the namespace of the referenced service. \n NOTE: This differs from K8s Ingress to allow routing to different namespaces."
+ description: |-
+ Specifies the namespace of the referenced service.
+
+
+ NOTE: This differs from K8s Ingress to allow routing to different namespaces.
type: string
servicePort:
description: Specifies the port of the referenced service.
@@ -1755,17 +2645,28 @@ spec:
- type: string
x-kubernetes-int-or-string: true
visibility:
- description: Visibility signifies whether this rule should `ClusterLocal`. If it's not specified then it defaults to `ExternalIP`.
+ description: |-
+ Visibility signifies whether this rule should `ClusterLocal`. If it's not
+ specified then it defaults to `ExternalIP`.
type: string
tls:
- description: 'TLS configuration. Currently Ingress only supports a single TLS port: 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.'
+ description: |-
+ TLS configuration. Currently Ingress only supports a single TLS
+ port: 443. If multiple members of this list specify different hosts, they
+ will be multiplexed on the same port according to the hostname specified
+ through the SNI TLS extension, if the ingress controller fulfilling the
+ ingress supports SNI.
type: array
items:
description: IngressTLS describes the transport layer security associated with an Ingress.
type: object
properties:
hosts:
- description: Hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+ description: |-
+ Hosts is a list of hosts included in the TLS certificate. The values in
+ this list must match the name/s used in the tlsSecret. Defaults to the
+ wildcard host setting for the loadbalancer controller fulfilling this
+ Ingress, if left unspecified.
type: array
items:
type: string
@@ -1773,14 +2674,24 @@ spec:
description: SecretName is the name of the secret used to terminate SSL traffic.
type: string
secretNamespace:
- description: SecretNamespace is the namespace of the secret used to terminate SSL traffic. If not set the namespace should be assumed to be the same as the Ingress. If set the secret should have the same namespace as the Ingress otherwise the behaviour is undefined and not supported.
+ description: |-
+ SecretNamespace is the namespace of the secret used to terminate SSL traffic.
+ If not set the namespace should be assumed to be the same as the Ingress.
+ If set the secret should have the same namespace as the Ingress otherwise
+ the behaviour is undefined and not supported.
type: string
status:
- description: 'Status is the current state of the Ingress. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Status is the current state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -1788,14 +2699,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -1804,7 +2720,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -1813,7 +2731,9 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
privateLoadBalancer:
@@ -1821,20 +2741,33 @@ spec:
type: object
properties:
ingress:
- description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
type: array
items:
- description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.'
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
type: object
properties:
domain:
- description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
type: string
domainInternal:
- description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh."
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
type: string
ip:
- description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
type: string
meshOnly:
description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
@@ -1844,20 +2777,33 @@ spec:
type: object
properties:
ingress:
- description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
type: array
items:
- description: 'LoadBalancerIngressStatus represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.'
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
type: object
properties:
domain:
- description: Domain is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
type: string
domainInternal:
- description: "DomainInternal is set if there is a cluster-local DNS name to access the Ingress. \n NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local DNS name to allow routing in case of not having a mesh."
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
type: string
ip:
- description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
type: string
meshOnly:
description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
@@ -1887,7 +2833,7 @@ metadata:
name: metrics.autoscaling.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: autoscaling.internal.knative.dev
@@ -1918,10 +2864,19 @@ spec:
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -1949,7 +2904,11 @@ spec:
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -1957,14 +2916,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -1973,7 +2937,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -1982,7 +2948,9 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
---
@@ -1992,7 +2960,7 @@ metadata:
name: podautoscalers.autoscaling.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: autoscaling.internal.knative.dev
@@ -2028,14 +2996,27 @@ spec:
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
- description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit'
+ description: |-
+ PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative
+ components instantiate autoscalers. This definition is an abstraction that may be backed
+ by multiple definitions. For more information, see the Knative Pluggability presentation:
+ https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -2047,27 +3028,38 @@ spec:
- scaleTargetRef
properties:
containerConcurrency:
- description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency.
+ description: |-
+ ContainerConcurrency specifies the maximum allowed
+ in-flight (concurrent) requests per container of the Revision.
+ Defaults to `0` which means unlimited concurrency.
type: integer
format: int64
protocolType:
description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec.
type: string
reachability:
- description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown`
+ description: |-
+ Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route).
+ Defaults to `ReachabilityUnknown`
type: string
scaleTargetRef:
- description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing.
+ description: |-
+ ScaleTargetRef defines the /scale-able resource that this PodAutoscaler
+ is responsible for quickly right-sizing.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
x-kubernetes-map-type: atomic
status:
@@ -2082,7 +3074,11 @@ spec:
type: integer
format: int32
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -2090,14 +3086,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -2106,7 +3107,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -2119,14 +3122,20 @@ spec:
type: integer
format: int32
metricsServiceName:
- description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object.
+ description: |-
+ MetricsServiceName is the K8s Service name that provides revision metrics.
+ The service is managed by the PA object.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
serviceName:
- description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA.
+ description: |-
+ ServiceName is the K8s Service name that serves the revision, scaled by this PA.
+ The service is created and owned by the ServerlessService object owned by this PA.
type: string
---
apiVersion: apiextensions.k8s.io/v1
@@ -2135,7 +3144,7 @@ metadata:
name: revisions.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: serving.knative.dev
@@ -2160,9 +3169,6 @@ spec:
- name: Config Name
type: string
jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
- - name: K8s Service Name
- type: string
- jsonPath: ".status.serviceName"
- name: Generation
type: string
jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
@@ -2180,14 +3186,29 @@ spec:
jsonPath: ".status.desiredReplicas"
schema:
openAPIV3Schema:
- description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision"
+ description: |-
+ Revision is an immutable snapshot of code and configuration. A revision
+ references a container image. Revisions are created by updates to a
+ Configuration.
+
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -2205,28 +3226,56 @@ spec:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
- description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
type: integer
format: int64
containers:
- description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
- description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
command:
- description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
env:
- description: List of environment variables to set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
@@ -2238,7 +3287,16 @@ spec:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
@@ -2254,8 +3312,16 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
@@ -2280,14 +3346,31 @@ spec:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
envFrom:
- description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps
@@ -2298,8 +3381,16 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
@@ -2312,20 +3403,42 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
image:
- description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
- description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -2333,12 +3446,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -2352,14 +3473,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -2372,25 +3500,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -2398,7 +3536,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -2409,20 +3549,36 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
- description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
ports:
- description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
@@ -2431,14 +3587,21 @@ spec:
- containerPort
properties:
containerPort:
- description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
- description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
@@ -2446,7 +3609,11 @@ spec:
- protocol
x-kubernetes-list-type: map
readinessProbe:
- description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -2454,12 +3621,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -2473,14 +3648,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -2493,25 +3675,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -2519,7 +3711,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -2530,21 +3724,39 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
- description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
- description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -2553,13 +3765,18 @@ spec:
- name
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
- description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -2568,7 +3785,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
requests:
- description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -2577,14 +3798,27 @@ spec:
- type: string
x-kubernetes-int-or-string: true
securityContext:
- description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
@@ -2593,46 +3827,232 @@ spec:
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
- description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
- description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
- description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
- description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ type: object
+ required:
+ - port
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
volumeMounts:
- description: Pod volumes to mount into the container's filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
@@ -2642,19 +4062,32 @@ spec:
- name
properties:
mountPath:
- description: Path within the container at which the volume should be mounted. Must not contain ':'.
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
- description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
subPath:
- description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
workingDir:
- description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
@@ -2673,23 +4106,67 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostNetwork:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostPID:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
- description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided.
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
- description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
initContainers:
- description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
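Review bot: The added `hostIPC`, `hostNetwork` and `hostPID` properties allow a pod spec to ask for the node's IPC, network and PID namespaces, and nothing in this hunk restricts them beyond the feature flag named in each description. Whether they are usable therefore depends on flag values set outside this diff section (in Knative that is the `config-features` ConfigMap, not shown here), so the upgrade should verify that `kubernetes.podspec-hostipc`, `kubernetes.podspec-hostnetwork` and `kubernetes.podspec-hostpid` remain disabled wherever untrusted users can create services. The file appears to be vendored upstream output, so rather than editing the schema I would record this beside the deployed flag settings, for example `# keep kubernetes.podspec-hostipc/-hostnetwork/-hostpid disabled: host namespaces break pod isolation`. The enclosing pod-spec `properties` mapping starts and ends outside the hunk.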
@@ -2705,7 +4182,10 @@ spec:
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
- description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic.
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
type: integer
format: int64
runtimeClassName:
@@ -2721,14 +4201,19 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
- description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
- description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided.
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
type: integer
format: int64
tolerations:
@@ -2738,6 +4223,7 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
@@ -2746,7 +4232,9 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
- description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
@@ -2759,11 +4247,25 @@ spec:
type: object
properties:
defaultMode:
- description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -2776,15 +4278,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -2794,7 +4315,10 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
name:
- description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
@@ -2805,7 +4329,13 @@ spec:
type: object
properties:
defaultMode:
- description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
@@ -2820,7 +4350,14 @@ spec:
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -2833,15 +4370,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -2860,7 +4416,7 @@ spec:
- path
properties:
fieldRef:
- description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
@@ -2873,14 +4429,22 @@ spec:
type: string
x-kubernetes-map-type: atomic
mode:
- description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
- description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
@@ -2899,12 +4463,20 @@ spec:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -2917,15 +4489,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
@@ -2937,25 +4528,54 @@ spec:
- path
properties:
audience:
- description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
type: string
expirationSeconds:
- description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
type: integer
format: int64
path:
- description: path is the path relative to the mount point of the file to project the token into.
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
type: string
+ x-kubernetes-list-type: atomic
secret:
- description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
- description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -2968,18 +4588,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
- description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
status:
description: RevisionStatus communicates the observed state of the Revision (from the controller).
type: object
@@ -2989,7 +4625,11 @@ spec:
type: integer
format: int32
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -2997,14 +4637,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -3013,7 +4658,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -3022,7 +4669,13 @@ spec:
description: Type of condition.
type: string
containerStatuses:
- description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests'
+ description: |-
+ ContainerStatuses is a slice of images present in .Spec.Container[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
type: array
items:
description: ContainerStatus holds the information of container name and image digest value
@@ -3037,7 +4690,13 @@ spec:
type: integer
format: int32
initContainerStatuses:
- description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests'
+ description: |-
+ InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
type: array
items:
description: ContainerStatus holds the information of container name and image digest value
@@ -3048,10 +4707,14 @@ spec:
name:
type: string
logUrl:
- description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config.
+ description: |-
+ LogURL specifies the generated logging url for this particular revision
+ based on the revision url template specified in the controller's config.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
---
@@ -3061,7 +4724,7 @@ metadata:
name: routes.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
spec:
@@ -3095,14 +4758,29 @@ spec:
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
- description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route'
+ description: |-
+ Route is responsible for configuring ingress over a collection of Revisions.
+ Some of the Revisions a Route distributes traffic over may be specified by
+ referencing the Configuration responsible for creating them; in these cases
+ the Route is additionally responsible for monitoring the Configuration for
+ "latest ready revision" changes, and smoothly rolling out latest revisions.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -3111,30 +4789,57 @@ spec:
type: object
properties:
traffic:
- description: Traffic specifies how to distribute traffic over a collection of revisions and configurations.
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
- description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName.
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
type: string
latestRevision:
- description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
- description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration'
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
type: integer
format: int64
revisionName:
- description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName.
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
- description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
type: string
url:
- description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
status:
description: Status communicates the observed state of the Route (from the controller).
@@ -3145,7 +4850,9 @@ spec:
type: object
properties:
CACerts:
- description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
@@ -3156,7 +4863,11 @@ spec:
url:
type: string
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -3164,14 +4875,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -3180,7 +4896,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -3189,37 +4907,70 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
traffic:
- description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed.
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
- description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName.
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
type: string
latestRevision:
- description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
- description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration'
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
type: integer
format: int64
revisionName:
- description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName.
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
- description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
type: string
url:
- description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
url:
- description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
type: string
---
apiVersion: apiextensions.k8s.io/v1
@@ -3229,7 +4980,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
@@ -3241,19 +4992,34 @@ spec:
status: {}
schema:
openAPIV3Schema:
- description: 'ServerlessService is a proxy for the K8s service objects containing the endpoints for the revision, whether those are endpoints of the activator or revision pods. See: https://knative.page.link/naxz for details.'
+ description: |-
+ ServerlessService is a proxy for the K8s service objects containing the
+ endpoints for the revision, whether those are endpoints of the activator or
+ revision pods.
+ See: https://knative.page.link/naxz for details.
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: 'Spec is the desired state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Spec is the desired state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- objectRef
@@ -3263,44 +5029,75 @@ spec:
description: Mode describes the mode of operation of the ServerlessService.
type: string
numActivators:
- description: NumActivators contains number of Activators that this revision should be assigned. O means — assign all.
+ description: |-
+ NumActivators contains number of Activators that this revision should be
+ assigned.
+ O means — assign all.
type: integer
format: int32
objectRef:
- description: ObjectRef defines the resource that this ServerlessService is responsible for making "serverless".
+ description: |-
+ ObjectRef defines the resource that this ServerlessService
+ is responsible for making "serverless".
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
- description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
- description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
- description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
- description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
x-kubernetes-map-type: atomic
protocolType:
- description: The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. serving imports networking, so just use string.
+ description: |-
+ The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision.
+ serving imports networking, so just use string.
type: string
status:
- description: 'Status is the current state of the ServerlessService. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Status is the current state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -3308,14 +5105,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -3324,7 +5126,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -3333,14 +5137,20 @@ spec:
description: Type of condition.
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
privateServiceName:
- description: PrivateServiceName holds the name of a core K8s Service resource that load balances over the user service pods backing this Revision.
+ description: |-
+ PrivateServiceName holds the name of a core K8s Service resource that
+ load balances over the user service pods backing this Revision.
type: string
serviceName:
- description: ServiceName holds the name of a core K8s Service resource that load balances over the pods backing this Revision (activator or revision).
+ description: |-
+ ServiceName holds the name of a core K8s Service resource that
+ load balances over the pods backing this Revision (activator or revision).
type: string
additionalPrinterColumns:
- name: Mode
@@ -3378,7 +5188,7 @@ metadata:
name: services.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
duck.knative.dev/podspecable: "true"
@@ -3420,19 +5230,49 @@ spec:
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
- description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service"
+ description: |-
+ Service acts as a top-level container that manages a Route and Configuration
+ which implement a network service. Service exists to provide a singular
+ abstraction which can be access controlled, reasoned about, and which
+ encapsulates software lifecycle decisions such as rollout policy and
+ team resource ownership. Service acts only as an orchestrator of the
+ underlying Routes and Configurations (much as a kubernetes Deployment
+ orchestrates ReplicaSets), and its usage is optional but recommended.
+
+
+ The Service's controller will track the statuses of its owned Configuration
+ and Route, reflecting their statuses and conditions as its own.
+
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service
type: object
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec.
+ description: |-
+ ServiceSpec represents the configuration for the Service object.
+ A Service's specification is the union of the specifications for a Route
+ and Configuration. The Service restricts what can be expressed in these
+ fields, e.g. the Route must reference the provided Configuration;
+ however, these limitations also enable friendlier defaulting,
+ e.g. Route never needs a Configuration name, and may be defaulted to
+ the appropriate "run latest" spec.
type: object
properties:
template:
@@ -3473,28 +5313,56 @@ spec:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
- description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
type: integer
format: int64
containers:
- description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
- description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
command:
- description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
env:
- description: List of environment variables to set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
@@ -3506,7 +5374,16 @@ spec:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
@@ -3522,8 +5399,16 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
@@ -3548,14 +5433,31 @@ spec:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
envFrom:
- description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps
@@ -3566,8 +5468,16 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
@@ -3580,20 +5490,42 @@ spec:
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
image:
- description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
- description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -3601,12 +5533,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -3620,14 +5560,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -3640,25 +5587,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -3666,7 +5623,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -3677,20 +5636,36 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
- description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
ports:
- description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
@@ -3699,14 +5674,21 @@ spec:
- containerPort
properties:
containerPort:
- description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
- description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
default: TCP
x-kubernetes-list-map-keys:
@@ -3714,7 +5696,11 @@ spec:
- protocol
x-kubernetes-list-type: map
readinessProbe:
- description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
@@ -3722,12 +5708,20 @@ spec:
type: object
properties:
command:
- description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
+ x-kubernetes-list-type: atomic
failureThreshold:
- description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
@@ -3741,14 +5735,21 @@ spec:
type: integer
format: int32
service:
- description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
httpGet:
description: HTTPGet specifies the http request to perform.
type: object
properties:
host:
- description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
@@ -3761,25 +5762,35 @@ spec:
- value
properties:
name:
- description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
+ x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
- description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
initialDelaySeconds:
- description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
@@ -3787,7 +5798,9 @@ spec:
type: integer
format: int32
successThreshold:
- description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
@@ -3798,21 +5811,39 @@ spec:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
- description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
- description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
- description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
claims:
- description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -3821,13 +5852,18 @@ spec:
- name
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
- description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -3836,7 +5872,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
requests:
- description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
@@ -3845,14 +5885,27 @@ spec:
- type: string
x-kubernetes-int-or-string: true
securityContext:
- description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
@@ -3861,46 +5914,232 @@ spec:
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
+ x-kubernetes-list-type: atomic
readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
- description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
- description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
- description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
- description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ type: object
+ required:
+ - port
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
volumeMounts:
- description: Pod volumes to mount into the container's filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
@@ -3910,19 +6149,32 @@ spec:
- name
properties:
mountPath:
- description: Path within the container at which the volume should be mounted. Must not contain ':'.
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
- description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
subPath:
- description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
workingDir:
- description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
dnsConfig:
description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
@@ -3941,23 +6193,67 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostNetwork:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
+ hostPID:
+ description: This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ x-kubernetes-preserve-unknown-fields: true
idleTimeoutSeconds:
- description: IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed to stay open while not receiving any bytes from the user's application. If unspecified, a system default will be provided.
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
- description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
type: object
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
initContainers:
- description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
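Review bot: The `hostIPC`, `hostNetwork` and `hostPID` properties added in this hunk are guarded only by the feature flags named in their descriptions, and nothing visible here shows what those flags are set to in this distribution. A pod that joins the node's IPC, network or PID namespace loses most pod-level isolation, so confirm that the shipped `config-features` ConfigMap leaves these flags off, or pin them explicitly, e.g. `kubernetes.podspec-hostnetwork: "disabled"` and likewise for `kubernetes.podspec-hostipc` and `kubernetes.podspec-hostpid`. As a second layer, namespaces where users can create these resources should enforce Pod Security admission at `baseline` or stricter, which rejects pods that request host namespaces. The enclosing schema block starts and ends outside this hunk, and if the file is copied verbatim from upstream, the pin belongs in this repository's overlay rather than in this file.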
@@ -3973,7 +6269,10 @@ spec:
type: string
x-kubernetes-preserve-unknown-fields: true
responseStartTimeoutSeconds:
- description: ResponseStartTimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin sending any network traffic.
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
type: integer
format: int64
runtimeClassName:
@@ -3989,14 +6288,19 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
- description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace
type: boolean
x-kubernetes-preserve-unknown-fields: true
timeoutSeconds:
- description: TimeoutSeconds is the maximum duration in seconds that the request instance is allowed to respond to a request. If unspecified, a system default will be provided.
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
type: integer
format: int64
tolerations:
@@ -4006,6 +6310,7 @@ spec:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-list-type: atomic
topologySpreadConstraints:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
@@ -4014,7 +6319,9 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
- description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
@@ -4027,11 +6334,25 @@ spec:
type: object
properties:
defaultMode:
- description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -4044,15 +6365,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -4062,7 +6402,10 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
name:
- description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
@@ -4073,7 +6416,13 @@ spec:
type: object
properties:
defaultMode:
- description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
@@ -4088,7 +6437,14 @@ spec:
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -4101,15 +6457,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
@@ -4128,7 +6503,7 @@ spec:
- path
properties:
fieldRef:
- description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
@@ -4141,14 +6516,22 @@ spec:
type: string
x-kubernetes-map-type: atomic
mode:
- description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
- description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
@@ -4167,12 +6550,20 @@ spec:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
- description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -4185,15 +6576,34 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
+ default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
@@ -4205,25 +6615,54 @@ spec:
- path
properties:
audience:
- description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
type: string
expirationSeconds:
- description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
type: integer
format: int64
path:
- description: path is the path relative to the mount point of the file to project the token into.
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
type: string
+ x-kubernetes-list-type: atomic
secret:
- description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
- description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
- description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
@@ -4236,43 +6675,86 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
- description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
+ x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
- description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
traffic:
- description: Traffic specifies how to distribute traffic over a collection of revisions and configurations.
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
- description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName.
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
type: string
latestRevision:
- description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
- description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration'
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
type: integer
format: int64
revisionName:
- description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName.
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
- description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
type: string
url:
- description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
status:
description: ServiceStatus represents the Status stanza of the Service resource.
@@ -4283,7 +6765,9 @@ spec:
type: object
properties:
CACerts:
- description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
@@ -4294,7 +6778,11 @@ spec:
url:
type: string
annotations:
- description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
type: object
additionalProperties:
type: string
@@ -4302,14 +6790,19 @@ spec:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
- description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
- description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
@@ -4318,7 +6811,9 @@ spec:
description: The reason for the condition's last transition.
type: string
severity:
- description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
@@ -4327,72 +6822,82 @@ spec:
description: Type of condition.
type: string
latestCreatedRevisionName:
- description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
type: string
latestReadyRevisionName:
- description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True".
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
type: string
observedGeneration:
- description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
type: integer
format: int64
traffic:
- description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed.
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
- description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName.
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
type: string
latestRevision:
- description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
- description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration'
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
type: integer
format: int64
revisionName:
- description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName.
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
- description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
type: string
url:
- description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
url:
- description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
type: string
---
-apiVersion: v1
-kind: Secret
-metadata:
- name: serving-certs-ctrl-ca
- namespace: knative-serving
- labels:
- serving-certs-ctrl: "data-plane"
- networking.internal.knative.dev/certificate-uid: "serving-certs"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: knative-serving-certs
- namespace: knative-serving
- labels:
- serving-certs-ctrl: "data-plane"
- networking.internal.knative.dev/certificate-uid: "serving-certs"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: routing-serving-certs
- namespace: knative-serving
- labels:
- serving-certs-ctrl: "data-plane-routing"
- networking.internal.knative.dev/certificate-uid: "serving-certs"
----
apiVersion: caching.internal.knative.dev/v1alpha1
kind: Image
metadata:
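Review bot: The three Secret objects removed in this hunk (`serving-certs-ctrl-ca`, `knative-serving-certs`, `routing-serving-certs`) appear from their `serving-certs-ctrl` and `certificate-uid` labels to be the holders for the data-plane certificates, and nothing visible here documents what provisions them after the upgrade. The `config-certmanager` ConfigMap added later in this diff suggests issuance moves to cert-manager, but that is inferred rather than stated. Because this looks like a vendored upstream manifest, the note belongs in the upgrade documentation or PR description rather than in the file, for example `Knative 1.16.0 no longer ships the serving-certs Secrets; confirm cert-manager and the configured issuer are installed before relying on internal TLS`. On existing clusters it is also worth checking that an apply with pruning does not delete these Secrets while running pods still mount or read them.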
@@ -4401,9 +6906,9 @@ metadata:
labels:
app.kubernetes.io/component: queue-proxy
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
- image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:89e6f90141f1b63405883fbb4de0d3b6d80f8b77e530904c4d29bdcd1dc5a167
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:c61042001b1f21c5d06bdee9b42b5e4524e4370e09d4f46347226f06db29ba0f
---
apiVersion: v1
kind: ConfigMap
@@ -4413,7 +6918,7 @@ metadata:
labels:
app.kubernetes.io/component: autoscaler
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "47c2487f"
data:
@@ -4603,15 +7108,70 @@ data:
---
apiVersion: v1
kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.16.0"
+ networking.knative.dev/certificate-provider: cert-manager
+ annotations:
+ knative.dev/example-checksum: "b7a9a602"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for external-domain certificates used for ingress.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about IssuerRef configuration.
+ # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
+
+ # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
+ # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ clusterLocalIssuerRef: |
+ kind: ClusterIssuer
+ name: your-company-issuer
+
+ # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
+ # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ systemInternalIssuerRef: |
+ kind: ClusterIssuer
+ name: knative-selfsigned-issuer
+---
+apiVersion: v1
+kind: ConfigMap
metadata:
name: config-defaults
namespace: knative-serving
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
- knative.dev/example-checksum: "e7973912"
+ knative.dev/example-checksum: "5b64ff5c"
data:
_example: |
################################
@@ -4639,7 +7199,7 @@ data:
# This value must be greater than or equal to revision-timeout-seconds.
# If omitted, the system default is used (600 seconds).
#
- # If this value is increased, the activator's terminationGraceTimeSeconds
+ # If this value is increased, the activator's terminationGracePeriodSeconds
# should also be increased to prevent in-flight requests being disrupted.
max-revision-timeout-seconds: "600" # 10 minutes
@@ -4749,11 +7309,11 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
- knative.dev/example-checksum: "ed77183a"
+ knative.dev/example-checksum: "720ddb97"
data:
- queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:89e6f90141f1b63405883fbb4de0d3b6d80f8b77e530904c4d29bdcd1dc5a167
+ queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:c61042001b1f21c5d06bdee9b42b5e4524e4370e09d4f46347226f06db29ba0f
_example: |-
################################
# #
@@ -4818,6 +7378,38 @@ data:
# Sets rootCA for the queue proxy - used by QPOptions
# If omitted, or empty, no rootCA is added to the golang rootCAs
queue-sidecar-rootca: ""
+
+ # If set, it automatically configures pod anti-affinity requirements for all Knative services.
+ # It employs the `preferredDuringSchedulingIgnoredDuringExecution` weighted pod affinity term,
+ # aligning with the Knative revision label. It yields the configuration below in all workloads' deployments:
+ # `
+ # affinity:
+ # podAntiAffinity:
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - podAffinityTerm:
+ # topologyKey: kubernetes.io/hostname
+ # labelSelector:
+ # matchLabels:
+ # serving.knative.dev/revision: {{revision-name}}
+ # weight: 100
+ # `
+ # This may be "none" or "prefer-spread-revision-over-nodes" (default)
+ # default-affinity-type: "prefer-spread-revision-over-nodes"
+
+ # runtime-class-name contains the selector for which runtimeClassName
+ # is selected to put in a revision.
+ # By default, it is not set by Knative.
+ #
+ # Example:
+ # runtime-class-name: |
+ # "":
+ # selector:
+ # use-default-runc: "yes"
+ # kata: {}
+ # gvisor:
+ # selector:
+ # use-gvisor: "please"
+ runtime-class-name: ""
---
apiVersion: v1
kind: ConfigMap
@@ -4827,7 +7419,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "26c09de5"
data:
@@ -4877,9 +7469,9 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
- knative.dev/example-checksum: "f2fc138e"
+ knative.dev/example-checksum: "9ff569ad"
data:
_example: |-
################################
@@ -4907,9 +7499,15 @@ data:
# Indicates whether multi container support is enabled
#
# WARNING: Cannot safely be disabled once enabled.
- # See: https://knative.dev/docs/serving/feature-flags/#multi-containers
+ # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-containers
multi-container: "enabled"
+ # Indicates whether multi container probing is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-container-probing
+ multi-container-probing: "disabled"
+
# Indicates whether Kubernetes affinity support is enabled
#
# WARNING: Cannot safely be disabled once enabled.
@@ -4989,6 +7587,24 @@ data:
# See: https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-share-process-namespace
kubernetes.podspec-shareprocessnamespace: "disabled"
+ # Indicates whether hostIPC support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-ipc
+ kubernetes.podspec-hostipc: "disabled"
+
+ # Indicates whether hostPID support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-pid
+ kubernetes.podspec-hostpid: "disabled"
+
+ # Indicates whether hostNetwork support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-network
+ kubernetes.podspec-hostnetwork: "disabled"
+
# Indicates whether Kubernetes PriorityClassName support is enabled
#
# WARNING: Cannot safely be disabled once enabled.
@@ -5076,7 +7692,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "aa3813a8"
data:
@@ -5161,7 +7777,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: controller
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "f4b71f57"
data:
@@ -5206,11 +7822,11 @@ metadata:
name: config-logging
namespace: knative-serving
labels:
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/component: logging
app.kubernetes.io/name: knative-serving
annotations:
- knative.dev/example-checksum: "53fda05f"
+ knative.dev/example-checksum: "9f25d429"
data:
_example: |
################################
@@ -5261,7 +7877,6 @@ data:
loglevel.webhook: "info"
loglevel.activator: "info"
loglevel.hpaautoscaler: "info"
- loglevel.net-certmanager-controller: "info"
loglevel.net-istio-controller: "info"
loglevel.net-contour-controller: "info"
loglevel.net-kourier-controller: "info"
@@ -5275,7 +7890,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "0573e07d"
data:
@@ -5465,7 +8080,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: observability
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "54abd711"
data:
@@ -5570,7 +8185,7 @@ metadata:
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: tracing
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
annotations:
knative.dev/example-checksum: "26614636"
data:
@@ -5612,7 +8227,7 @@ metadata:
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
minReplicas: 1
maxReplicas: 20
@@ -5636,7 +8251,7 @@ metadata:
labels:
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
minAvailable: 80%
selector:
@@ -5650,7 +8265,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: activator
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
spec:
selector:
@@ -5664,12 +8279,21 @@ spec:
role: activator
app.kubernetes.io/component: activator
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: activator
+ topologyKey: kubernetes.io/hostname
+ weight: 100
serviceAccountName: activator
containers:
- name: activator
- image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:ad42ddc9bc4e25fdc88c240d7cbfad4b2708eb7d26e07ae904d258011141116e
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:24c19cbee078925b91cd2e85082b581d53b218b410c083b1005dc06dc549b1d3
resources:
requests:
cpu: 300m
@@ -5719,17 +8343,11 @@ spec:
readinessProbe:
httpGet:
port: 8012
- httpHeaders:
- - name: k-kubelet-probe
- value: "activator"
periodSeconds: 5
failureThreshold: 5
livenessProbe:
httpGet:
port: 8012
- httpHeaders:
- - name: k-kubelet-probe
- value: "activator"
periodSeconds: 10
failureThreshold: 12
initialDelaySeconds: 15
@@ -5743,7 +8361,7 @@ metadata:
labels:
app: activator
app.kubernetes.io/component: activator
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
spec:
selector:
@@ -5774,7 +8392,7 @@ metadata:
labels:
app.kubernetes.io/component: autoscaler
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
replicas: 1
selector:
@@ -5790,7 +8408,7 @@ spec:
app: autoscaler
app.kubernetes.io/component: autoscaler
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
affinity:
podAntiAffinity:
@@ -5804,7 +8422,7 @@ spec:
serviceAccountName: controller
containers:
- name: autoscaler
- image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:66aa0dbceee62691d5327e423bbd7cbd411903747adeab61fdc81b14590793d4
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:5e9236452d89363957d4e7e249d57740a8fcd946aed23f8518d94962bf440250
resources:
requests:
cpu: 100m
@@ -5850,15 +8468,9 @@ spec:
readinessProbe:
httpGet:
port: 8080
- httpHeaders:
- - name: k-kubelet-probe
- value: "autoscaler"
livenessProbe:
httpGet:
port: 8080
- httpHeaders:
- - name: k-kubelet-probe
- value: "autoscaler"
failureThreshold: 6
---
apiVersion: v1
@@ -5868,7 +8480,7 @@ metadata:
app: autoscaler
app.kubernetes.io/component: autoscaler
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
name: autoscaler
namespace: knative-serving
spec:
@@ -5893,7 +8505,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
selector:
matchLabels:
@@ -5904,7 +8516,7 @@ spec:
app: controller
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
affinity:
podAntiAffinity:
@@ -5918,7 +8530,7 @@ spec:
serviceAccountName: controller
containers:
- name: controller
- image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:e5b7b6edd265b66d32f424bd245c06455154462ade6ce05698472212248d5657
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:5fb22b052e6bc98a1a6bbb68c0282ddb50744702acee6d83110302bc990666e9
resources:
requests:
cpu: 100m
@@ -5979,7 +8591,7 @@ metadata:
app: controller
app.kubernetes.io/component: controller
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
name: controller
namespace: knative-serving
spec:
@@ -6001,7 +8613,7 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
minReplicas: 1
maxReplicas: 5
@@ -6025,7 +8637,7 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
spec:
minAvailable: 80%
selector:
@@ -6039,7 +8651,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: webhook
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
spec:
selector:
@@ -6052,7 +8664,7 @@ spec:
app: webhook
role: webhook
app.kubernetes.io/component: webhook
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
spec:
affinity:
@@ -6067,7 +8679,7 @@ spec:
serviceAccountName: controller
containers:
- name: webhook
- image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:48aee2733721ecc77956abc5a2ca072853a669ebc97519beb48f7b3da8455e67
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:0fb5a4245aa4737d443658754464cd0a076de959fe14623fb9e9d31318ccce24
resources:
requests:
cpu: 100m
@@ -6115,17 +8727,11 @@ spec:
httpGet:
scheme: HTTPS
port: 8443
- httpHeaders:
- - name: k-kubelet-probe
- value: "webhook"
livenessProbe:
- periodSeconds: 1
+ periodSeconds: 10
httpGet:
scheme: HTTPS
port: 8443
- httpHeaders:
- - name: k-kubelet-probe
- value: "webhook"
failureThreshold: 6
initialDelaySeconds: 20
terminationGracePeriodSeconds: 300
@@ -6137,7 +8743,7 @@ metadata:
app: webhook
role: webhook
app.kubernetes.io/component: webhook
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/name: knative-serving
name: webhook
namespace: knative-serving
@@ -6163,7 +8769,7 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
@@ -6180,7 +8786,7 @@ webhooks:
values: ["knative-serving"]
- key: app.kubernetes.io/component
operator: In
- values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"]
+ values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing", "net-certmanager"]
timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
@@ -6190,7 +8796,7 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
@@ -6232,7 +8838,7 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
webhooks:
- admissionReviewVersions: ["v1", "v1beta1"]
clientConfig:
@@ -6276,6 +8882,6 @@ metadata:
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: knative-serving
- app.kubernetes.io/version: "1.12.4"
+ app.kubernetes.io/version: "1.16.0"
---
diff --git a/hack/synchronize-knative-manifests.sh b/hack/synchronize-knative-manifests.sh
index a57a79d80f..773ddbd5ab 100755
--- a/hack/synchronize-knative-manifests.sh
+++ b/hack/synchronize-knative-manifests.sh
@@ -14,9 +14,9 @@
set -euxo pipefail
IFS=$'\n\t'
-KN_SERVING_RELEASE="v1.12.4" # Must be a release
-KN_EXTENSION_RELEASE="v1.12.3" # Must be a release
-KN_EVENTING_RELEASE="v1.12.6" # Must be a release
+KN_SERVING_RELEASE="v1.16.0" # Must be a release
+KN_EXTENSION_RELEASE="v1.16.0" # Must be a release
+KN_EVENTING_RELEASE="v1.16.1" # Must be a release
BRANCH=${BRANCH:=synchronize-knative-manifests-${KN_SERVING_RELEASE?}}
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
diff --git a/tests/gh-actions/install_knative-cni.sh b/tests/gh-actions/install_knative-cni.sh
index e361e87d31..c3d6a71324 100755
--- a/tests/gh-actions/install_knative-cni.sh
+++ b/tests/gh-actions/install_knative-cni.sh
@@ -1,14 +1,23 @@
#!/bin/bash
set -euo pipefail
-echo "Installing KNative with istio-cni ..."
+
+echo "Installing KNative with Istio-CNI ..."
+
+# Retry mechanism for applying Knative manifests
set +e
-kustomize build common/knative/knative-serving/base | kubectl apply -f -
+for i in {1..5}; do
+ kustomize build common/knative/knative-serving/base | kubectl apply -f -
+ if [[ $? -eq 0 ]]; then
+ break
+ fi
+ echo "Retrying in 30 seconds..."
+ sleep 30
+done
set -e
-kustomize build common/knative/knative-serving/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/cluster-local-gateway/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
-kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=600s \
+kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s \
--field-selector=status.phase!=Succeeded
kubectl patch cm config-domain --patch '{"data":{"example.com":""}}' -n knative-serving
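Review bot: If all five attempts fail, the loop just ends and `set -e` is restored with nothing checking the outcome, so the script carries on to the Istio applies and `kubectl wait` as if Knative had been installed. The removed second `kubectl apply` after `set -e` was what previously turned a persistent failure into a non-zero exit. Track success inside the loop and exit non-zero once the attempts are exhausted, as in the sketch below; putting the pipeline in an `if` condition also makes the `set +e`/`set -e` toggling unnecessary. The same loop is added to tests/gh-actions/install_knative.sh in the next hunk and needs the same change.

```shell
# Retry mechanism for applying Knative manifests
applied=false
for i in {1..5}; do
  if kustomize build common/knative/knative-serving/base | kubectl apply -f -; then
    applied=true
    break
  fi
  echo "Retrying in 30 seconds..."
  sleep 30
done
if [[ "${applied}" != true ]]; then
  echo "Applying knative-serving failed after 5 attempts" >&2
  exit 1
fi
# … unchanged: cluster-local-gateway and kubeflow-istio-resources applies, kubectl wait, config-domain patch …
```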
diff --git a/tests/gh-actions/install_knative.sh b/tests/gh-actions/install_knative.sh
index c9b04b36cb..1d84031d5e 100755
--- a/tests/gh-actions/install_knative.sh
+++ b/tests/gh-actions/install_knative.sh
@@ -1,14 +1,23 @@
#!/bin/bash
set -euo pipefail
+
echo "Installing KNative ..."
+
+# Retry mechanism for applying Knative manifests
set +e
-kustomize build common/knative/knative-serving/base | kubectl apply -f -
+for i in {1..5}; do
+ kustomize build common/knative/knative-serving/base | kubectl apply -f -
+ if [[ $? -eq 0 ]]; then
+ break
+ fi
+ echo "Retrying in 30 seconds..."
+ sleep 30
+done
set -e
-kustomize build common/knative/knative-serving/base | kubectl apply -f -
kustomize build common/istio-1-23/cluster-local-gateway/base | kubectl apply -f -
kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
-kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=600s \
+kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s \
--field-selector=status.phase!=Succeeded
kubectl patch cm config-domain --patch '{"data":{"example.com":""}}' -n knative-serving