diff --git a/.github/workflows/test-conformance.yaml b/.github/workflows/test-gateway-api-conformance.yaml
similarity index 77%
rename from .github/workflows/test-conformance.yaml
rename to .github/workflows/test-gateway-api-conformance.yaml
index 6373d8f92..0fc4b09d2 100644
--- a/.github/workflows/test-conformance.yaml
+++ b/.github/workflows/test-gateway-api-conformance.yaml
@@ -5,18 +5,18 @@ on:
branches:
- '*'
paths:
- - '.github/workflows/test-conformance.yaml'
+ - '.github/workflows/test-gateway-api-conformance.yaml'
- 'pkg/provider/kubernetes/gateway/**'
- 'integration/fixtures/k8s-conformance/**'
- 'integration/k8s_conformance_test.go'
env:
- GO_VERSION: '1.23'
+ GO_VERSION: '1.24'
CGO_ENABLED: 0
jobs:
- test-conformance:
+ test-gateway-api-conformance:
runs-on: ubuntu-latest
steps:
@@ -30,6 +30,10 @@ jobs:
with:
go-version: ${{ env.GO_VERSION }}
+ - name: Avoid generating webui
+ run: |
+ touch webui/static/index.html
+
- name: K8s Gateway API conformance test and report
run: |
make test-gateway-api-conformance
diff --git a/.github/workflows/test-integration.yaml b/.github/workflows/test-integration.yaml
index 0f7504c06..5125d19c6 100644
--- a/.github/workflows/test-integration.yaml
+++ b/.github/workflows/test-integration.yaml
@@ -30,6 +30,10 @@ jobs:
go-version: ${{ env.GO_VERSION }}
check-latest: true
+ - name: Avoid generating webui
+ run: |
+ touch webui/static/index.html
+
- name: Build binary
run: make binary-linux-amd64
diff --git a/.github/workflows/test-knative-conformance.yaml b/.github/workflows/test-knative-conformance.yaml
new file mode 100644
index 000000000..3fb680ec0
--- /dev/null
+++ b/.github/workflows/test-knative-conformance.yaml
@@ -0,0 +1,50 @@
+name: Test Knative conformance
+
+on:
+ pull_request:
+ branches:
+ - '*'
+ paths:
+ - '.github/workflows/test-knative-conformance.yaml'
+ - 'pkg/provider/kubernetes/knative/**'
+ - 'integration/fixtures/knative/**'
+ - 'integration/knative_conformance_test.go'
+
+env:
+ GO_VERSION: '1.24'
+ CGO_ENABLED: 0
+
+jobs:
+
+ test-knative-conformance:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Go ${{ env.GO_VERSION }}
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ env.GO_VERSION }}
+
+ - name: Set up KO
+ uses: ko-build/setup-ko@v0.6
+ env:
+ KO_DOCKER_REPO: ko.local
+
+ - name: Upload Test Images
+ run: |
+ # Download the test image templates.
+ go mod vendor
+ ./integration/fixtures/knative/upload-test-images.sh
+
+ - name: Avoid generating webui
+ run: |
+ touch webui/static/index.html
+
+ - name: Knative conformance test
+ run: |
+ make test-knative-conformance
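Review bot: The new workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although its steps only check out code, build and run tests. A top-level `permissions:` with `contents: read` would keep the token read-only. The third-party action `ko-build/setup-ko@v0.6` is referenced by a mutable tag and runs in the same job as `go mod vendor` and `upload-test-images.sh`. Pinning it to a full commit SHA, as in `uses: ko-build/setup-ko@<full-commit-sha>  # v0.6`, keeps a repointed tag from changing what executes in CI.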
diff --git a/Makefile b/Makefile
index 470b5c3e8..b33b23361 100644
--- a/Makefile
+++ b/Makefile
@@ -100,11 +100,16 @@ test-integration:
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
.PHONY: test-gateway-api-conformance
-#? test-gateway-api-conformance: Run the conformance tests
+#? test-gateway-api-conformance: Run the Gateway API conformance tests
test-gateway-api-conformance: build-image-dirty
# In case of a new Minor/Major version, the k8sConformanceTraefikVersion needs to be updated.
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance -k8sConformanceTraefikVersion="v3.5" $(TESTFLAGS)
+.PHONY: test-knative-conformance
+#? test-knative-conformance: Run the Knative conformance tests
+test-knative-conformance: build-image-dirty
+ GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration/integration_test.go ./integration/knative_conformance_test.go -v -tags knativeConformance -test.run KnativeConformanceSuite
+
.PHONY: test-ui-unit
#? test-ui-unit: Run the unit tests for the webui
test-ui-unit:
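Review bot: The new `test-knative-conformance` recipe omits `$(TESTFLAGS)`, unlike the `test-integration` and `test-gateway-api-conformance` recipes visible in the same hunk, so callers cannot pass extra flags such as a run filter or timeout. Appending `$(TESTFLAGS)` to the `go test` line would keep the targets consistent. The recipe also passes two explicit files instead of the `./integration` package; a short comment above it saying why (presumably so that only the files needed under the `knativeConformance` build tag are compiled, to be confirmed) would help the next maintainer.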
diff --git a/docs/content/reference/dynamic-configuration/kubernetes-knative-rbac.yml b/docs/content/reference/dynamic-configuration/kubernetes-knative-rbac.yml
new file mode 100644
index 000000000..00276e7ef
--- /dev/null
+++ b/docs/content/reference/dynamic-configuration/kubernetes-knative-rbac.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-networking-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.internal.knative.dev
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.internal.knative.dev
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gateway-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: knative-networking-role
+subjects:
+ - kind: ServiceAccount
+ name: traefik-controller
+ namespace: default
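Review bot: The `secrets` rule grants `get`/`list`/`watch` through a ClusterRole bound by a ClusterRoleBinding, so the `traefik-controller` service account can read every Secret in every namespace, and the install page added in this commit tells users to `kubectl apply` this file as-is. A comment above that rule should say why the provider needs Secrets (presumably TLS certificates referenced by Knative Ingresses, to be confirmed) and that deployments restricting `providers.knative.namespaces` can use a namespaced Role and RoleBinding instead. Separately, the binding is named `gateway-controller`, which does not match the role it references and looks carried over from another manifest. Because `roleRef` is immutable, applying this file would be rejected if a binding with that name already exists in the cluster and points at a different role, so a distinct name such as `knative-networking-controller` would be safer.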
diff --git a/docs/content/reference/install-configuration/configuration-options.md b/docs/content/reference/install-configuration/configuration-options.md
index 12974690b..a8ce3757f 100644
--- a/docs/content/reference/install-configuration/configuration-options.md
+++ b/docs/content/reference/install-configuration/configuration-options.md
@@ -123,6 +123,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| experimental.abortonpluginfailure | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
| experimental.fastproxy | Enables the FastProxy implementation. | false |
| experimental.fastproxy.debug | Enable debug mode for the FastProxy implementation. | false |
+| experimental.knative | Allow the Knative provider usage. | false |
| experimental.kubernetesgateway | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
| experimental.kubernetesingressnginx | Allow the Kubernetes Ingress NGINX provider usage. | false |
| experimental.localplugins._name_ | Local plugins configuration. | false |
@@ -319,6 +320,21 @@ THIS FILE MUST NOT BE EDITED BY HAND
| providers.http.tls.cert | TLS cert | |
| providers.http.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.http.tls.key | TLS key | |
+| providers.knative | Enables Knative provider. | false |
+| providers.knative.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
+| providers.knative.endpoint | Kubernetes server endpoint (required for external cluster client). | |
+| providers.knative.labelselector | Kubernetes label selector to use. | |
+| providers.knative.namespaces | Kubernetes namespaces. | |
+| providers.knative.privateentrypoints | Entrypoint names used to expose the Ingress privately. If empty local Ingresses are skipped. | |
+| providers.knative.privateservice | Kubernetes service used to expose the networking controller privately. | |
+| providers.knative.privateservice.name | Name of the Kubernetes service. | |
+| providers.knative.privateservice.namespace | Namespace of the Kubernetes service. | |
+| providers.knative.publicentrypoints | Entrypoint names used to expose the Ingress publicly. If empty an Ingress is exposed on all entrypoints. | |
+| providers.knative.publicservice | Kubernetes service used to expose the networking controller publicly. | |
+| providers.knative.publicservice.name | Name of the Kubernetes service. | |
+| providers.knative.publicservice.namespace | Namespace of the Kubernetes service. | |
+| providers.knative.throttleduration | Ingress refresh throttle duration | 0 |
+| providers.knative.token | Kubernetes bearer token (not needed for in-cluster client). | |
| providers.kubernetescrd | Enables Kubernetes CRD provider. | false |
| providers.kubernetescrd.allowcrossnamespace | Allow cross namespace resource reference. | false |
| providers.kubernetescrd.allowemptyservices | Allow the creation of services without endpoints. | false |
diff --git a/docs/content/reference/install-configuration/providers/kubernetes/knative.md b/docs/content/reference/install-configuration/providers/kubernetes/knative.md
new file mode 100644
index 000000000..e02e952e5
--- /dev/null
+++ b/docs/content/reference/install-configuration/providers/kubernetes/knative.md
@@ -0,0 +1,142 @@
+---
+title: "Traefik Knative Documentation"
+description: "Learn how to use the Knative as a provider for configuration discovery in Traefik Proxy. Read the technical documentation."
+---
+
+# Traefik & Knative
+
+The Traefik Knative provider integrates with Knative Serving to provide advanced traffic management and routing capabilities for serverless applications.
+
+[Knative](https://knative.dev) is a Kubernetes-based platform that enables serverless workloads with features like scale-to-zero,
+automatic scaling, and revision management.
+
+The provider watches Knative `Ingress` resources and automatically configures Traefik routing rules,
+enabling seamless integration between Traefik's networking capabilities and Knative's serverless platform.
+
+## Requirements
+
+{!kubernetes-requirements.md!}
+
+1. Install/update the Knative CRDs.
+
+ ```bash
+ kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.19.0/serving-crds.yaml
+ ```
+
+2. Install the Knative Serving core components.
+
+ ```bash
+ kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.19.0/serving-core.yaml
+ ```
+
+3. Update the config-network configuration to use the Traefik ingress class.
+
+ ```bash
+ kubectl patch configmap/config-network \
+ -n knative-serving \
+ --type merge \
+ -p '{"data":{"ingress.class":"traefik.ingress.networking.knative.dev"}}'
+ ```
+
+4. Add a custom domain to your Knative configuration (Optional).
+
+ ```bash
+ kubectl patch configmap config-domain \
+ -n knative-serving \
+ --type='merge' \
+ -p='{"data":{"example.com":""}}'
+ ```
+
+5. Install/update the Traefik [RBAC](../../../dynamic-configuration/kubernetes-knative-rbac.yml).
+
+ ```bash
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.6/docs/content/reference/dynamic-configuration/kubernetes-knative-rbac.yml
+ ```
+
+## Configuration Example
+
+As this provider is an experimental feature, it needs to be enabled in the experimental and in the provider sections of the configuration.
+You can enable the Knative provider as detailed below:
+
+```yaml tab="File (YAML)"
+experimental:
+ knative: true
+
+providers:
+ knative: {}
+```
+
+```toml tab="File (TOML)"
+[experimental.knative]
+
+[providers.knative]
+```
+
+```bash tab="CLI"
+--experimental.knative=true
+--providers.knative=true
+```
+
+The Knative provider uses the Knative API to retrieve its routing configuration.
+The provider then watches for incoming Knative events and derives the corresponding dynamic configuration from it.
+
+## Configuration Options
+
+
+
+| Field | Description | Default | Required |
+|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
+| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event. If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded. **This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
+| providers.knative.endpoint | Server endpoint URL. More information [here](#endpoint). | |
+| providers.knative.token | Bearer token used for the Kubernetes client configuration. | |
+| providers.knative.certauthfilepath | Path to the certificate authority file. Used for the Kubernetes client configuration. | |
+| providers.knative.namespaces | Array of namespaces to watch. If left empty, watch all namespaces. | |
+| providers.knative.labelselector | Allow filtering Knative Ingress objects using label selectors. | |
+| providers.knative.throttleduration | Minimum amount of time to wait between two Kubernetes events before producing a new configuration. This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration. If empty, every event is caught. | 0 |
+| providers.knative.privateentrypoints | Entrypoint names used to expose the Ingress privately. If empty local Ingresses are skipped. | |
+| providers.knative.privateservice | Kubernetes service used to expose the networking controller privately. | |
+| providers.knative.privateservice.name | Name of the private Kubernetes service. | |
+| providers.knative.privateservice.namespace | Namespace of the private Kubernetes service. | |
+| providers.knative.publicentrypoints | Entrypoint names used to expose the Ingress publicly. If empty an Ingress is exposed on all entrypoints. | |
+| providers.knative.publicservice | Kubernetes service used to expose the networking controller publicly. | |
+| providers.knative.publicservice.name | Name of the public Kubernetes service. | |
+| providers.knative.publicservice.namespace | Namespace of the public Kubernetes service. | |
+
+
+
+### `endpoint`
+
+The Kubernetes server endpoint URL.
+
+When deployed into Kubernetes, Traefik reads the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
+
+The access token is looked up in `/var/run/secrets/kubernetes.io/serviceaccount/token` and the SSL CA certificate in `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
+Both are mounted automatically when deployed inside Kubernetes.
+
+The endpoint may be specified to override the environment variable values inside a cluster.
+
+When the environment variables are not found, Traefik tries to connect to the Knative API server with an external-cluster client.
+In this case, the endpoint is required.
+Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Knative cluster using the granted authentication and authorization of the associated kubeconfig.
+
+```yaml tab="File (YAML)"
+providers:
+ knative:
+ endpoint: "http://localhost:8080"
+ # ...
+```
+
+```toml tab="File (TOML)"
+[providers.knative]
+ endpoint = "http://localhost:8080"
+ # ...
+```
+
+```bash tab="CLI"
+--providers.knative.endpoint=http://localhost:8080
+```
+## Routing Configuration
+
+See the dedicated section in [routing](../../../routing-configuration/kubernetes/knative.md).
+
+{!traefik-for-business-applications.md!}
diff --git a/docs/content/reference/routing-configuration/kubernetes/knative.md b/docs/content/reference/routing-configuration/kubernetes/knative.md
new file mode 100644
index 000000000..70d29a051
--- /dev/null
+++ b/docs/content/reference/routing-configuration/kubernetes/knative.md
@@ -0,0 +1,96 @@
+---
+title: "Traefik Knative Documentation"
+description: "The Knative provider can be used for routing and load balancing in Traefik Proxy. View examples in the technical documentation."
+---
+
+# Traefik & Knative
+
+When using the Knative provider, Traefik leverages Knative's Custom Resource Definitions (CRDs) to obtain its routing configuration.
+For detailed information on Knative concepts and resources, refer to the official [documentation](https://knative.dev/docs/).
+
+The Knative provider supports version [v1.19.0](https://github.com/knative/serving/releases/tag/knative-v1.19.0) of the specification.
+
+## Deploying a Knative Service
+
+A `Service` is a core resource in the Knative specification that defines the entry point for traffic into a Knative application.
+It is linked to a `Ingress`, which specifies the Knative networking controller responsible for managing and handling the traffic,
+ensuring that it is directed to the appropriate Knative backend services.
+
+The following `Service` manifest configures the running Traefik controller to handle the incoming traffic.
+
+```yaml
+---
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+ name: helloworld-go
+ namespace: default
+spec:
+ template:
+ spec:
+ containers:
+ - image: gcr.io/knative-samples/helloworld-go
+ env:
+ - name: TARGET
+ value: "Go Sample v1"
+```
+
+Once everything is deployed, sending a `GET` request to the HTTP endpoint should return the following response:
+
+```shell
+$ curl http://helloworld-go.default.example.com
+
+Hello Go Sample v1!
+```
+
+!!! Note
+
+ The `example.com` domain is the public domain configured when deploying the Traefik controller.
+ Check out [the install configuration](../../install-configuration/providers/kubernetes/knative.md) for more details.
+
+### Tag based routing
+
+To add tag-based routing with percentage in Knative, you can define the `traffic` section in your `Service` manifest to include different revisions with specific tags and percentages.
+Here is an example:
+
+```yaml
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+ name: helloworld-go
+ namespace: default
+spec:
+ template:
+ spec:
+ containers:
+ - image: gcr.io/knative-samples/helloworld-go
+ env:
+ - name: TARGET
+ value: "Go Sample v2"
+ traffic:
+ - tag: v1
+ revisionName: helloworld-go-00001
+ percent: 50
+ - tag: v2
+ revisionName: helloworld-go-00002
+ percent: 50
+```
+
+In this example:
+- The `traffic` section specifies two revisions (`helloworld-go-00001` and `helloworld-go-00002`) with tags `v1` and `v2`, each receiving 50% of the traffic.
+- The `tag` field allows you to route traffic to specific revisions using the tag.
+
+You can access the tagged revisions using these URLs:
+
+- `http://v1-helloworld-go.default.example.com`
+- `http://v2-helloworld-go.default.example.com`
+
+Use the default URL to access percentage-based routing:
+
+- `http://helloworld-go.default.example.com`
+
+### HTTP/HTTPS
+
+Check out the Knative documentation for [HTTP/HTTPS configuration](https://knative.dev/docs/serving/encryption/external-domain-tls/#configure-external-domain-encryption).
+
+{!traefik-for-business-applications.md!}
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 6e8663968..13b8c52d7 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -228,6 +228,7 @@ nav:
- 'Kubernetes CRD' : 'reference/install-configuration/providers/kubernetes/kubernetes-crd.md'
- 'Kubernetes Ingress' : 'reference/install-configuration/providers/kubernetes/kubernetes-ingress.md'
- 'Kubernetes Ingress NGINX' : 'reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md'
+ - 'Knative': 'reference/install-configuration/providers/kubernetes/knative.md'
- 'Docker': 'reference/install-configuration/providers/docker.md'
- 'Swarm': 'reference/install-configuration/providers/swarm.md'
- 'Hashicorp':
@@ -345,6 +346,7 @@ nav:
- 'IngressRouteUDP' : 'reference/routing-configuration/kubernetes/crd/udp/ingressrouteudp.md'
- 'Ingress' : 'reference/routing-configuration/kubernetes/ingress.md'
- 'Ingress NGINX' : 'reference/routing-configuration/kubernetes/ingress-nginx.md'
+ - 'Knative': 'reference/routing-configuration/kubernetes/knative.md'
- 'Label & Tag Providers' :
- 'Docker' : 'reference/routing-configuration/other-providers/docker.md'
- 'Swarm' : 'reference/routing-configuration/other-providers/swarm.md'
diff --git a/go.mod b/go.mod
index 2e3ed523f..e11ce8eda 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
github.com/stealthrocket/wasi-go v0.8.0
github.com/stealthrocket/wazergo v0.19.1
github.com/stretchr/testify v1.11.1
- github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 // No tag on the repo.
+ github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807 // No tag on the repo.
github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046 // No tag on the repo.
github.com/testcontainers/testcontainers-go v0.32.0
github.com/testcontainers/testcontainers-go/modules/k3s v0.32.0
@@ -111,6 +111,8 @@ require (
k8s.io/apimachinery v0.32.3
k8s.io/client-go v0.32.3
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // No tag on the repo.
+ knative.dev/networking v0.0.0-20241022012959-60e29ff520dc
+ knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad
mvdan.cc/xurls/v2 v2.5.0
sigs.k8s.io/controller-runtime v0.20.4
sigs.k8s.io/gateway-api v1.3.0
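Review bot: The two new direct requirements `knative.dev/networking` and `knative.dev/pkg` are pinned to pseudo-versions dated October 2024, while the documentation added in this commit states support for Knative `v1.19.0`. It is worth confirming that the pinned commits match the release the provider is documented and tested against. Other pseudo-versioned requirements in this block carry a trailing comment such as `// No tag on the repo.`, and a similar comment naming the Knative release each commit corresponds to would make future bumps auditable. The later hunks add several new indirect modules (for example `go.opencensus.io` and `github.com/openzipkin/zipkin-go`) that appear to arrive with these two, so a dependency vulnerability scan of the updated graph before merge is advisable.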
@@ -171,6 +173,7 @@ require (
github.com/baidubce/bce-sdk-go v0.9.243 // indirect
github.com/benbjohnson/clock v1.3.5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
+ github.com/blendle/zapdriver v1.3.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/bytedance/sonic v1.10.0 // indirect
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
@@ -191,7 +194,7 @@ require (
github.com/distribution/reference v0.6.0 // indirect
github.com/dnsimple/dnsimple-go/v4 v4.0.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
- github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
github.com/exoscale/egoscale/v3 v3.1.26 // indirect
github.com/fatih/color v1.18.0 // indirect
@@ -225,6 +228,7 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
@@ -309,6 +313,7 @@ require (
github.com/onsi/ginkgo v1.16.5 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.1 // indirect
+ github.com/openzipkin/zipkin-go v0.4.3 // indirect
github.com/ovh/go-ovh v1.9.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/peterhellberg/link v1.2.0 // indirect
@@ -321,6 +326,7 @@ require (
github.com/quic-go/qpack v0.5.1 // indirect
github.com/regfish/regfish-dnsapi-go v0.1.1 // indirect
github.com/rs/cors v1.7.0 // indirect
+ github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529 // indirect
github.com/sacloud/api-client-go v0.3.3 // indirect
github.com/sacloud/go-http v0.1.9 // indirect
github.com/sacloud/iaas-api-go v1.17.1 // indirect
@@ -367,6 +373,7 @@ require (
go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
go.etcd.io/etcd/client/v3 v3.5.16 // indirect
go.mongodb.org/mongo-driver v1.13.1 // indirect
+ go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/collector/featuregate v1.41.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
@@ -385,6 +392,7 @@ require (
golang.org/x/oauth2 v0.31.0 // indirect
golang.org/x/term v0.35.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/api v0.249.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect
diff --git a/go.sum b/go.sum
index d8229dfaa..4fd32533a 100644
--- a/go.sum
+++ b/go.sum
@@ -37,6 +37,10 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d h1:LblfooH1lKOpp1hIhukktmSAxFkqMPFk9KR6iZ0MJNI=
+contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d/go.mod h1:IshRmMJBhDfFj5Y67nVhMYTTIze91RUeT73ipWKs/GY=
+contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg=
+contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ=
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@@ -248,6 +252,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
+github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE=
+github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
@@ -267,6 +273,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -363,8 +371,8 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP
github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 h1:clC1lXBpe2kTj2VHdaIu9ajZQe4kcEY9j0NsnDDBZ3o=
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
-github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
-github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -372,6 +380,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
github.com/exoscale/egoscale/v3 v3.1.26 h1:bXXT0zVLbE4QFm6tmt0bg6ZPk9pQgUA3Z8SJrctQ7b0=
@@ -482,8 +492,8 @@ github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaC
github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM=
github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
@@ -526,6 +536,7 @@ github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4er
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -1024,6 +1035,8 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE=
+github.com/openzipkin/zipkin-go v0.4.3 h1:9EGwpqkgnwdEIJ+Od7QVSEIH+ocmm5nPat0G7sjsSdg=
+github.com/openzipkin/zipkin-go v0.4.3/go.mod h1:M9wCJZFWCo2RiY+o1eBCEMe0Dp2S5LDHcMZmk3RmK7c=
github.com/ovh/go-ovh v1.9.0 h1:6K8VoL3BYjVV3In9tPJUdT7qMx9h0GExN9EXx1r2kKE=
github.com/ovh/go-ovh v1.9.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -1097,6 +1110,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/prometheus/statsd_exporter v0.22.7 h1:7Pji/i2GuhK6Lu7DHrtTkFmNBCudCPT1pX2CziuyQR0=
+github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9dFqnUakOjnEuMPJJJnI=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
@@ -1117,6 +1132,8 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529 h1:18kd+8ZUlt/ARXhljq+14TwAoKa61q6dX8jtwOf6DH8=
+github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529/go.mod h1:qe5TWALJ8/a1Lqznoc5BDHpYX/8HU60Hm2AwRmqzxqA=
github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
@@ -1231,8 +1248,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 h1:XGopsea1Dw7ecQ8JscCNQXDGYAKDiWjDeXnpN/+BY9g=
-github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
+github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807 h1:LUsDduamlucuNnWcaTbXQ6aLILFcLXADpOzeEH3U+OI=
+github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
@@ -1357,6 +1374,8 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
go.opentelemetry.io/collector/featuregate v1.41.0 h1:CL4UMsMQj35nMJC3/jUu8VvYB4MHirbAX4B0Z/fCVLY=
@@ -1837,6 +1856,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
@@ -2005,6 +2026,10 @@ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJ
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+knative.dev/networking v0.0.0-20241022012959-60e29ff520dc h1:0d9XXRLlyuHfINZLlYqo/BYe/+chqqNBMLKJldjTbtw=
+knative.dev/networking v0.0.0-20241022012959-60e29ff520dc/go.mod h1:G56j6VCLzfaN9yZ4IqfNyN4c3U1czvhUmKeZX4UjQ8Q=
+knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad h1:Nrjtr2H168rJeamH4QdyLMV1lEKHejNhaj1ymgQMfLk=
+knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo=
mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
diff --git a/integration/fixtures/knative/00-knative-crd-v1.19.0.yml b/integration/fixtures/knative/00-knative-crd-v1.19.0.yml
new file mode 100644
index 000000000..82a700136
--- /dev/null
+++ b/integration/fixtures/knative/00-knative-crd-v1.19.0.yml
@@ -0,0 +1,6692 @@
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: certificates.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Certificate is responsible for provisioning a SSL certificate for the
+ given hosts. It is a Knative abstraction for various SSL certificate
+ provisioning solutions (such as cert-manager or self-signed SSL certificate).
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - dnsNames
+ - secretName
+ properties:
+ dnsNames:
+ description: |-
+ DNSNames is a list of DNS names the Certificate could support.
+ The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
+ type: array
+ items:
+ type: string
+ domain:
+ description: Domain is the top level domain of the values for DNSNames.
+ type: string
+ secretName:
+ description: SecretName is the name of the secret resource to store the SSL certificate in.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ http01Challenges:
+ description: |-
+ HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled
+ in order to get the TLS certificate..
+ type: array
+ items:
+ description: |-
+ HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs
+ to fulfill.
+ type: object
+ properties:
+ serviceName:
+ description: ServiceName is the name of the service to serve HTTP01 challenge requests.
+ type: string
+ serviceNamespace:
+ description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests.
+ type: string
+ servicePort:
+ description: ServicePort is the port of the service to serve HTTP01 challenge requests.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ url:
+ description: URL is the URL that the HTTP01 challenge is expected to serve on.
+ type: string
+ notAfter:
+ description: |-
+ The expiration time of the TLS certificate stored in the secret named
+ by this resource in spec.secretName.
+ type: string
+ format: date-time
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+ names:
+ kind: Certificate
+ plural: certificates
+ singular: certificate
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - kcert
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: configurations.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/podspecable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Configuration
+ plural: configurations
+ singular: configuration
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - config
+ - cfg
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: LatestCreated
+ type: string
+ jsonPath: .status.latestCreatedRevisionName
+ - name: LatestReady
+ type: string
+ jsonPath: .status.latestReadyRevisionName
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Configuration represents the "floating HEAD" of a linear history of Revisions.
+ Users create new Revisions by updating the Configuration's spec.
+ The "latest created" revision's name is available under status, as is the
+ "latest ready" revision's name.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConfigurationSpec holds the desired state of the Configuration (from the client).
+ type: object
+ properties:
+ template:
+ description: Template holds the latest specification for the Revision to be stamped out.
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ annotations:
+ type: object
+ additionalProperties:
+ type: string
+ finalizers:
+ type: array
+ items:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ x-kubernetes-preserve-unknown-fields: true
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ status:
+ description: ConfigurationStatus communicates the observed state of the Configuration (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ latestCreatedRevisionName:
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ type: string
+ latestReadyRevisionName:
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterdomainclaims.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the ClusterDomainClaim.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - namespace
+ properties:
+ namespace:
+ description: |-
+ Namespace is the namespace which is allowed to create a DomainMapping
+ using this ClusterDomainClaim's name.
+ type: string
+ names:
+ kind: ClusterDomainClaim
+ plural: clusterdomainclaims
+ singular: clusterdomainclaim
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - cdc
+ scope: Cluster
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: domainmappings.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: serving.knative.dev
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ "schema":
+ "openAPIV3Schema":
+ description: DomainMapping is a mapping from a custom hostname to an Addressable.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - ref
+ properties:
+ ref:
+ description: |-
+ Ref specifies the target of the Domain Mapping.
+
+ The object identified by the Ref must be an Addressable with a URL of the
+ form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain,
+ and `{name}` and `{namespace}` are the name and namespace of a Kubernetes
+ Service.
+
+ This contract is satisfied by Knative types such as Knative Services and
+ Knative Routes, and by Kubernetes Services.
+ type: object
+ required:
+ - kind
+ - name
+ properties:
+ address:
+ description: Address points to a specific Address Name.
+ type: string
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ group:
+ description: |-
+ Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup.
+ Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ This is optional field, it gets defaulted to the object holding it if left out.
+ type: string
+ tls:
+ description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
+ type: object
+ required:
+ - secretName
+ properties:
+ secretName:
+ description: SecretName is the name of the existing secret used to terminate TLS traffic.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a DomainMapping to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ url:
+ description: URL is the URL of this DomainMapping.
+ type: string
+ names:
+ kind: DomainMapping
+ plural: domainmappings
+ singular: domainmapping
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - dm
+ scope: Namespaced
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ingresses.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined
+ by a backend. An Ingress can be configured to give services externally-reachable URLs, load
+ balance traffic, offer name based virtual hosting, etc.
+
+ This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress
+ which some highlighted modifications.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ httpOption:
+ description: |-
+ HTTPOption is the option of HTTP. It has the following two values:
+ `HTTPOptionEnabled`, `HTTPOptionRedirected`
+ type: string
+ rules:
+ description: A list of host rules used to configure the Ingress.
+ type: array
+ items:
+ description: |-
+ IngressRule represents the rules mapping the paths under a specified host to
+ the related backend services. Incoming requests are first evaluated for a host
+ match, then routed to the backend associated with the matching IngressRuleValue.
+ type: object
+ properties:
+ hosts:
+ description: |-
+ Host is the fully qualified domain name of a network host, as defined
+ by RFC 3986. Note the following deviations from the "host" part of the
+ URI as defined in the RFC:
+ 1. IPs are not allowed. Currently a rule value can only apply to the
+ IP in the Spec of the parent .
+ 2. The `:` delimiter is not respected because ports are not allowed.
+ Currently the port of an Ingress is implicitly :80 for http and
+ :443 for https.
+ Both these may change in the future.
+ If the host is unspecified, the Ingress routes all traffic based on the
+ specified IngressRuleValue.
+ If multiple matching Hosts were provided, the first rule will take precedent.
+ type: array
+ items:
+ type: string
+ http:
+ description: |-
+ HTTP represents a rule to apply against incoming requests. If the
+ rule is satisfied, the request is routed to the specified backend.
+ type: object
+ required:
+ - paths
+ properties:
+ paths:
+ description: |-
+ A collection of paths that map requests to backends.
+
+ If they are multiple matching paths, the first match takes precedence.
+ type: array
+ items:
+ description: |-
+ HTTPIngressPath associates a path regex with a backend. Incoming URLs matching
+ the path are forwarded to the backend.
+ type: object
+ required:
+ - splits
+ properties:
+ appendHeaders:
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
+ type: object
+ additionalProperties:
+ type: string
+ headers:
+ description: |-
+ Headers defines header matching rules which is a map from a header name
+ to HeaderMatch which specify a matching condition.
+ When a request matched with all the header matching rules,
+ the request is routed by the corresponding ingress rule.
+ If it is empty, the headers are not used for matching
+ type: object
+ additionalProperties:
+ description: |-
+ HeaderMatch represents a matching value of Headers in HTTPIngressPath.
+ Currently, only the exact matching is supported.
+ type: object
+ required:
+ - exact
+ properties:
+ exact:
+ type: string
+ path:
+ description: |-
+ Path represents a literal prefix to which this rule should apply.
+ Currently it can contain characters disallowed from the conventional
+ "path" part of a URL as defined by RFC 3986. Paths must begin with
+ a '/'. If unspecified, the path defaults to a catch all sending
+ traffic to the backend.
+ type: string
+ rewriteHost:
+ description: |-
+ RewriteHost rewrites the incoming request's host header.
+
+ This field is currently experimental and not supported by all Ingress
+ implementations.
+ type: string
+ splits:
+ description: |-
+ Splits defines the referenced service endpoints to which the traffic
+ will be forwarded to.
+ type: array
+ items:
+ description: IngressBackendSplit describes all endpoints for a given service and port.
+ type: object
+ required:
+ - serviceName
+ - serviceNamespace
+ - servicePort
+ properties:
+ appendHeaders:
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
+ type: object
+ additionalProperties:
+ type: string
+ percent:
+ description: |-
+ Specifies the split percentage, a number between 0 and 100. If
+ only one split is specified, we default to 100.
+
+ NOTE: This differs from K8s Ingress to allow percentage split.
+ type: integer
+ serviceName:
+ description: Specifies the name of the referenced service.
+ type: string
+ serviceNamespace:
+ description: |-
+ Specifies the namespace of the referenced service.
+
+ NOTE: This differs from K8s Ingress to allow routing to different namespaces.
+ type: string
+ servicePort:
+ description: Specifies the port of the referenced service.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ visibility:
+ description: |-
+ Visibility signifies whether this rule should `ClusterLocal`. If it's not
+ specified then it defaults to `ExternalIP`.
+ type: string
+ tls:
+ description: |-
+ TLS configuration. Currently Ingress only supports a single TLS
+ port: 443. If multiple members of this list specify different hosts, they
+ will be multiplexed on the same port according to the hostname specified
+ through the SNI TLS extension, if the ingress controller fulfilling the
+ ingress supports SNI.
+ type: array
+ items:
+ description: IngressTLS describes the transport layer security associated with an Ingress.
+ type: object
+ properties:
+ hosts:
+ description: |-
+ Hosts is a list of hosts included in the TLS certificate. The values in
+ this list must match the name/s used in the tlsSecret. Defaults to the
+ wildcard host setting for the loadbalancer controller fulfilling this
+ Ingress, if left unspecified.
+ type: array
+ items:
+ type: string
+ secretName:
+ description: SecretName is the name of the secret used to terminate SSL traffic.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the secret used to terminate SSL traffic.
+ If not set the namespace should be assumed to be the same as the Ingress.
+ If set the secret should have the same namespace as the Ingress otherwise
+ the behaviour is undefined and not supported.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ privateLoadBalancer:
+ description: PrivateLoadBalancer contains the current status of the load-balancer.
+ type: object
+ properties:
+ ingress:
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
+ type: array
+ items:
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
+ type: object
+ properties:
+ domain:
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
+ type: string
+ domainInternal:
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
+ type: string
+ ip:
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
+ type: string
+ meshOnly:
+ description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
+ type: boolean
+ publicLoadBalancer:
+ description: PublicLoadBalancer contains the current status of the load-balancer.
+ type: object
+ properties:
+ ingress:
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
+ type: array
+ items:
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
+ type: object
+ properties:
+ domain:
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
+ type: string
+ domainInternal:
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
+ type: string
+ ip:
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
+ type: string
+ meshOnly:
+ description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
+ type: boolean
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ names:
+ kind: Ingress
+ plural: ingresses
+ singular: ingress
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - kingress
+ - king
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metrics.autoscaling.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: autoscaling.internal.knative.dev
+ names:
+ kind: Metric
+ plural: metrics
+ singular: metric
+ categories:
+ - knative-internal
+ - autoscaling
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: Metric represents a resource to configure the metric collector with.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Metric (from the client).
+ type: object
+ required:
+ - panicWindow
+ - scrapeTarget
+ - stableWindow
+ properties:
+ panicWindow:
+ description: PanicWindow is the aggregation window for metrics where quick reactions are needed.
+ type: integer
+ format: int64
+ scrapeTarget:
+ description: ScrapeTarget is the K8s service that publishes the metric endpoint.
+ type: string
+ stableWindow:
+ description: StableWindow is the aggregation window for metrics in a stable state.
+ type: integer
+ format: int64
+ status:
+ description: Status communicates the observed state of the Metric (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: podautoscalers.autoscaling.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: autoscaling.internal.knative.dev
+ names:
+ kind: PodAutoscaler
+ plural: podautoscalers
+ singular: podautoscaler
+ categories:
+ - knative-internal
+ - autoscaling
+ shortNames:
+ - kpa
+ - pa
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: DesiredScale
+ type: integer
+ jsonPath: ".status.desiredScale"
+ - name: ActualScale
+ type: integer
+ jsonPath: ".status.actualScale"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative
+ components instantiate autoscalers. This definition is an abstraction that may be backed
+ by multiple definitions. For more information, see the Knative Pluggability presentation:
+ https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the PodAutoscaler (from the client).
+ type: object
+ required:
+ - protocolType
+ - scaleTargetRef
+ properties:
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed
+ in-flight (concurrent) requests per container of the Revision.
+ Defaults to `0` which means unlimited concurrency.
+ type: integer
+ format: int64
+ protocolType:
+ description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec.
+ type: string
+ reachability:
+ description: |-
+ Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route).
+ Defaults to `ReachabilityUnknown`
+ type: string
+ scaleTargetRef:
+ description: |-
+ ScaleTargetRef defines the /scale-able resource that this PodAutoscaler
+ is responsible for quickly right-sizing.
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ x-kubernetes-map-type: atomic
+ status:
+ description: Status communicates the observed state of the PodAutoscaler (from the controller).
+ type: object
+ required:
+ - metricsServiceName
+ - serviceName
+ properties:
+ actualScale:
+ description: ActualScale shows the actual number of replicas for the revision.
+ type: integer
+ format: int32
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ desiredScale:
+ description: DesiredScale shows the current desired number of replicas for the revision.
+ type: integer
+ format: int32
+ metricsServiceName:
+ description: |-
+ MetricsServiceName is the K8s Service name that provides revision metrics.
+ The service is managed by the PA object.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ serviceName:
+ description: |-
+ ServiceName is the K8s Service name that serves the revision, scaled by this PA.
+ The service is created and owned by the ServerlessService object owned by this PA.
+ type: string
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: revisions.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Revision
+ plural: revisions
+ singular: revision
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - rev
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Config Name
+ type: string
+ jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
+ - name: Generation
+ type: string # int in string form :(
+ jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ - name: Actual Replicas
+ type: integer
+ jsonPath: ".status.actualReplicas"
+ - name: Desired Replicas
+ type: integer
+ jsonPath: ".status.desiredReplicas"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Revision is an immutable snapshot of code and configuration. A revision
+ references a container image. Revisions are created by updates to a
+ Configuration.
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ status:
+ description: RevisionStatus communicates the observed state of the Revision (from the controller).
+ type: object
+ properties:
+ actualReplicas:
+ description: ActualReplicas reflects the amount of ready pods running this revision.
+ type: integer
+ format: int32
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ containerStatuses:
+ description: |-
+ ContainerStatuses is a slice of images present in .Spec.Container[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
+ type: array
+ items:
+ description: ContainerStatus holds the information of container name and image digest value
+ type: object
+ properties:
+ imageDigest:
+ type: string
+ name:
+ type: string
+ desiredReplicas:
+ description: DesiredReplicas reflects the desired amount of pods running this revision.
+ type: integer
+ format: int32
+ initContainerStatuses:
+ description: |-
+ InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
+ type: array
+ items:
+ description: ContainerStatus holds the information of container name and image digest value
+ type: object
+ properties:
+ imageDigest:
+ type: string
+ name:
+ type: string
+ logUrl:
+ description: |-
+ LogURL specifies the generated logging url for this particular revision
+ based on the revision url template specified in the controller's config.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: routes.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/addressable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Route
+ plural: routes
+ singular: route
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - rt
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Route is responsible for configuring ingress over a collection of Revisions.
+ Some of the Revisions a Route distributes traffic over may be specified by
+ referencing the Configuration responsible for creating them; in these cases
+ the Route is additionally responsible for monitoring the Configuration for
+ "latest ready revision" changes, and smoothly rolling out latest revisions.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Route (from the client).
+ type: object
+ properties:
+ traffic:
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ status:
+ description: Status communicates the observed state of the Route (from the controller).
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a Route to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ traffic:
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ url:
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ type: string
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: serverlessservices.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ServerlessService is a proxy for the K8s service objects containing the
+ endpoints for the revision, whether those are endpoints of the activator or
+ revision pods.
+ See: https://knative.page.link/naxz for details.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - objectRef
+ - protocolType
+ properties:
+ mode:
+ description: Mode describes the mode of operation of the ServerlessService.
+ type: string
+ numActivators:
+ description: |-
+ NumActivators contains number of Activators that this revision should be
+ assigned.
+ O means — assign all.
+ type: integer
+ format: int32
+ objectRef:
+ description: |-
+ ObjectRef defines the resource that this ServerlessService
+ is responsible for making "serverless".
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ x-kubernetes-map-type: atomic
+ protocolType:
+ description: |-
+ The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision.
+ serving imports networking, so just use string.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ privateServiceName:
+ description: |-
+ PrivateServiceName holds the name of a core K8s Service resource that
+ load balances over the user service pods backing this Revision.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName holds the name of a core K8s Service resource that
+ load balances over the pods backing this Revision (activator or revision).
+ type: string
+ additionalPrinterColumns:
+ - name: Mode
+ type: string
+ jsonPath: ".spec.mode"
+ - name: Activators
+ type: integer
+ jsonPath: ".spec.numActivators"
+ - name: ServiceName
+ type: string
+ jsonPath: ".status.serviceName"
+ - name: PrivateServiceName
+ type: string
+ jsonPath: ".status.privateServiceName"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ names:
+ kind: ServerlessService
+ plural: serverlessservices
+ singular: serverlessservice
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - sks
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: services.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/addressable: "true"
+ duck.knative.dev/podspecable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Service
+ plural: services
+ singular: service
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - kservice
+ - ksvc
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: LatestCreated
+ type: string
+ jsonPath: .status.latestCreatedRevisionName
+ - name: LatestReady
+ type: string
+ jsonPath: .status.latestReadyRevisionName
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Service acts as a top-level container that manages a Route and Configuration
+ which implement a network service. Service exists to provide a singular
+ abstraction which can be access controlled, reasoned about, and which
+ encapsulates software lifecycle decisions such as rollout policy and
+ team resource ownership. Service acts only as an orchestrator of the
+ underlying Routes and Configurations (much as a kubernetes Deployment
+ orchestrates ReplicaSets), and its usage is optional but recommended.
+
+ The Service's controller will track the statuses of its owned Configuration
+ and Route, reflecting their statuses and conditions as its own.
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ ServiceSpec represents the configuration for the Service object.
+ A Service's specification is the union of the specifications for a Route
+ and Configuration. The Service restricts what can be expressed in these
+ fields, e.g. the Route must reference the provided Configuration;
+ however, these limitations also enable friendlier defaulting,
+ e.g. Route never needs a Configuration name, and may be defaulted to
+ the appropriate "run latest" spec.
+ type: object
+ properties:
+ template:
+ description: Template holds the latest specification for the Revision to be stamped out.
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ annotations:
+ type: object
+ additionalProperties:
+ type: string
+ finalizers:
+ type: array
+ items:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ x-kubernetes-preserve-unknown-fields: true
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ traffic:
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ status:
+ description: ServiceStatus represents the Status stanza of the Service resource.
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a Route to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ latestCreatedRevisionName:
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ type: string
+ latestReadyRevisionName:
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ traffic:
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ url:
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ type: string
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: images.caching.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: caching.internal.knative.dev
+ names:
+ kind: Image
+ plural: images
+ singular: image
+ categories:
+ - knative-internal
+ - caching
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image is a Knative abstraction that encapsulates the interface by which Knative
+ components express a desire to have a particular image cached.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Image (from the client).
+ type: object
+ required:
+ - image
+ properties:
+ image:
+ description: Image is the name of the container image url to cache across the cluster.
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets contains the names of the Kubernetes Secrets containing login
+ information used by the Pods which will run this container.
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods
+ will run this container. This is potentially used to authenticate the image pull
+ if the service account has attached pull secrets. For more information:
+ https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+ type: string
+ status:
+ description: Status communicates the observed state of the Image (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Image
+ type: string
+ jsonPath: .spec.image
+
+---
diff --git a/integration/fixtures/knative/01-rbac.yml b/integration/fixtures/knative/01-rbac.yml
new file mode 100644
index 000000000..af29709e9
--- /dev/null
+++ b/integration/fixtures/knative/01-rbac.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-networking-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.internal.knative.dev
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.internal.knative.dev
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: traefik
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: knative-networking-role
+subjects:
+ - kind: ServiceAccount
+ name: traefik
+ namespace: traefik
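Review bot: The second rule of `knative-networking-role` grants `get`, `list` and `watch` on `secrets` in every namespace, and the ClusterRoleBinding below gives that to the `traefik` ServiceAccount with nothing in the file saying why cluster-wide read is needed. If the provider only needs the TLS secrets referenced by Knative ingresses, state that above the rule, for example `# secrets: read-only, used to resolve TLS secrets referenced by Knative Ingress objects (test fixture; scope down outside CI)`. The binding name `traefik` is also very generic for a cluster-scoped object; a name such as `knative-networking-traefik` would show which fixture owns it and avoid clashing with another binding of the same name.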
diff --git a/integration/fixtures/knative/02-traefik.yml b/integration/fixtures/knative/02-traefik.yml
new file mode 100644
index 000000000..15588a4a6
--- /dev/null
+++ b/integration/fixtures/knative/02-traefik.yml
@@ -0,0 +1,102 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: traefik
+
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: traefik
+ namespace: traefik
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: traefik
+ namespace: traefik
+ labels:
+ app: traefik
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: traefik
+ template:
+ metadata:
+ labels:
+ app: traefik
+ spec:
+ serviceAccountName: traefik
+ containers:
+ - name: traefik
+ image: traefik/traefik:latest
+ imagePullPolicy: Never
+ args:
+ - --api.insecure
+ - --log.level=debug
+ - --entrypoints.pweb.address=:80
+ - --entrypoints.pwebsecure.address=:443
+ - --entrypoints.privweb.address=:8080
+ - --entrypoints.privwebsecure.address=:4443
+ - --entrypoints.traefik.address=:9000
+ - --experimental.knative
+ - --providers.knative.publicEntrypoints=pweb,pwebsecure
+ - --providers.knative.publicService.namespace=traefik
+ - --providers.knative.publicService.name=traefik
+ - --providers.knative.privateEntrypoints=privweb,privwebsecure
+ - --providers.knative.privateService.namespace=traefik
+ - --providers.knative.privateService.name=privtraefik
+ - --providers.knative.throttleduration=2s
+
+ ports:
+ - name: pweb
+ containerPort: 80
+ - name: pwebsecure
+ containerPort: 443
+ - name: privweb
+ containerPort: 8080
+ - name: privwebsecure
+ containerPort: 4443
+ - name: traefik
+ containerPort: 9000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik
+ namespace: traefik
+spec:
+ type: LoadBalancer
+ selector:
+ app: traefik
+ ports:
+ - port: 80
+ name: web
+ targetPort: pweb
+ - port: 443
+ name: websecure
+ targetPort: pwebsecure
+ - port: 9000
+ name: traefik
+ targetPort: traefik
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: privtraefik
+ namespace: traefik
+spec:
+ selector:
+ app: traefik
+ ports:
+ - port: 80
+ name: web
+ targetPort: privweb
+ - port: 443
+ name: websecure
+ targetPort: privwebsecure
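Review bot: The Deployment starts Traefik with `--api.insecure` and binds the `traefik` entrypoint to `:9000`, and the `traefik` Service of type LoadBalancer then publishes `port: 9000` to that entrypoint, so the unauthenticated API and dashboard are reachable on the load balancer address. Unless the conformance test reads the API through this Service, drop the `- port: 9000` entry from the LoadBalancer Service and reach the API by port-forward instead. If it is needed, mark the argument with a comment such as `# test fixture only: serves the unauthenticated API on :9000`. A short comment next to `imagePullPolicy: Never` saying that `traefik/traefik:latest` must be preloaded into the cluster nodes would also help anyone reusing the fixture.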
diff --git a/integration/fixtures/knative/03-knative-serving-v1.19.0.yaml b/integration/fixtures/knative/03-knative-serving-v1.19.0.yaml
new file mode 100644
index 000000000..98a89d394
--- /dev/null
+++ b/integration/fixtures/knative/03-knative-serving-v1.19.0.yaml
@@ -0,0 +1,9513 @@
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+
+---
+# Copyright 2023 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-activator
+ namespace: knative-serving
+ labels:
+ serving.knative.dev/controller: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ resourceNames: ["routing-serving-certs", "knative-serving-certs"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-activator-cluster
+ labels:
+ serving.knative.dev/controller: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: [""]
+ resources: ["services", "endpoints"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["serving.knative.dev"]
+ resources: ["revisions"]
+ verbs: ["get", "list", "watch"]
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Use this aggregated ClusterRole when you need readonly access to "Addressables"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ # Named like this to avoid clashing with eventing's existing `addressable-resolver` role
+ # (which should be identical, but isn't guaranteed to be installed alongside serving).
+ name: knative-serving-aggregated-addressable-resolver
+ labels:
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ duck.knative.dev/addressable: "true"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-addressable-resolver
+ labels:
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+ # Labeled to facilitate aggregated cluster roles that act on Addressables.
+ duck.knative.dev/addressable: "true"
+# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
+rules:
+ - apiGroups:
+ - serving.knative.dev
+ resources:
+ - routes
+ - routes/status
+ - services
+ - services/status
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-namespaced-admin
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: ["serving.knative.dev"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-namespaced-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: ["serving.knative.dev"]
+ resources: ["*"]
+ verbs: ["create", "update", "patch", "delete"]
+ - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-namespaced-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-core
+ labels:
+ serving.knative.dev/controller: "true"
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: [""]
+ resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission
+ verbs: ["create"]
+ - apiGroups: [""]
+ resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook
+ verbs: ["update"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["autoscaling"]
+ resources: ["horizontalpodautoscalers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"]
+ resources: ["*", "*/status", "*/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"]
+ - apiGroups: ["caching.internal.knative.dev"]
+ resources: ["images"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "clusterissuers", "certificaterequests", "issuers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles"]
+ verbs: ["delete"]
+ resourceNames: ["knative-serving-certmanager"]
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-podspecable-binding
+ labels:
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+ # Labeled to facilitate aggregated cluster roles that act on PodSpecables.
+ duck.knative.dev/podspecable: "true"
+# Do not use this role directly. These rules will be added to the "podspecable-binder" role.
+rules:
+ - apiGroups:
+ - serving.knative.dev
+ resources:
+ - configurations
+ - services
+ verbs:
+ - list
+ - watch
+ - patch
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-serving-admin
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ serving.knative.dev/controller: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-serving-controller-admin
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+subjects:
+ - kind: ServiceAccount
+ name: controller
+ namespace: knative-serving
+roleRef:
+ kind: ClusterRole
+ name: knative-serving-admin
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-serving-controller-addressable-resolver
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+subjects:
+ - kind: ServiceAccount
+ name: controller
+ namespace: knative-serving
+roleRef:
+ kind: ClusterRole
+ name: knative-serving-aggregated-addressable-resolver
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: activator
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: knative-serving-activator
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+subjects:
+ - kind: ServiceAccount
+ name: activator
+ namespace: knative-serving
+roleRef:
+ kind: Role
+ name: knative-serving-activator
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-serving-activator-cluster
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+subjects:
+ - kind: ServiceAccount
+ name: activator
+ namespace: knative-serving
+roleRef:
+ kind: ClusterRole
+ name: knative-serving-activator-cluster
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: images.caching.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: caching.internal.knative.dev
+ names:
+ kind: Image
+ plural: images
+ singular: image
+ categories:
+ - knative-internal
+ - caching
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image is a Knative abstraction that encapsulates the interface by which Knative
+ components express a desire to have a particular image cached.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Image (from the client).
+ type: object
+ required:
+ - image
+ properties:
+ image:
+ description: Image is the name of the container image url to cache across the cluster.
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets contains the names of the Kubernetes Secrets containing login
+ information used by the Pods which will run this container.
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods
+ will run this container. This is potentially used to authenticate the image pull
+ if the service account has attached pull secrets. For more information:
+ https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+ type: string
+ status:
+ description: Status communicates the observed state of the Image (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Image
+ type: string
+ jsonPath: .spec.image
+
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Certificate
+metadata:
+ annotations:
+ networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev
+ labels:
+ networking.knative.dev/certificate-type: system-internal
+ name: routing-serving-certs
+ namespace: knative-serving
+spec:
+ dnsNames:
+ - kn-routing
+ - data-plane.knative.dev # for reverse-compatibility with net-* implementations that do not work with multi-SANs
+ secretName: routing-serving-certs
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: certificates.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Certificate is responsible for provisioning a SSL certificate for the
+ given hosts. It is a Knative abstraction for various SSL certificate
+ provisioning solutions (such as cert-manager or self-signed SSL certificate).
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - dnsNames
+ - secretName
+ properties:
+ dnsNames:
+ description: |-
+ DNSNames is a list of DNS names the Certificate could support.
+ The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
+ type: array
+ items:
+ type: string
+ domain:
+ description: Domain is the top level domain of the values for DNSNames.
+ type: string
+ secretName:
+ description: SecretName is the name of the secret resource to store the SSL certificate in.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the Certificate.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ http01Challenges:
+ description: |-
+ HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled
+ in order to get the TLS certificate..
+ type: array
+ items:
+ description: |-
+ HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs
+ to fulfill.
+ type: object
+ properties:
+ serviceName:
+ description: ServiceName is the name of the service to serve HTTP01 challenge requests.
+ type: string
+ serviceNamespace:
+ description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests.
+ type: string
+ servicePort:
+ description: ServicePort is the port of the service to serve HTTP01 challenge requests.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ url:
+ description: URL is the URL that the HTTP01 challenge is expected to serve on.
+ type: string
+ notAfter:
+ description: |-
+ The expiration time of the TLS certificate stored in the secret named
+ by this resource in spec.secretName.
+ type: string
+ format: date-time
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+ names:
+ kind: Certificate
+ plural: certificates
+ singular: certificate
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - kcert
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: configurations.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/podspecable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Configuration
+ plural: configurations
+ singular: configuration
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - config
+ - cfg
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: LatestCreated
+ type: string
+ jsonPath: .status.latestCreatedRevisionName
+ - name: LatestReady
+ type: string
+ jsonPath: .status.latestReadyRevisionName
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Configuration represents the "floating HEAD" of a linear history of Revisions.
+ Users create new Revisions by updating the Configuration's spec.
+ The "latest created" revision's name is available under status, as is the
+ "latest ready" revision's name.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConfigurationSpec holds the desired state of the Configuration (from the client).
+ type: object
+ properties:
+ template:
+ description: Template holds the latest specification for the Revision to be stamped out.
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ annotations:
+ type: object
+ additionalProperties:
+ type: string
+ finalizers:
+ type: array
+ items:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ x-kubernetes-preserve-unknown-fields: true
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ status:
+ description: ConfigurationStatus communicates the observed state of the Configuration (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ latestCreatedRevisionName:
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ type: string
+ latestReadyRevisionName:
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterdomainclaims.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the ClusterDomainClaim.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - namespace
+ properties:
+ namespace:
+ description: |-
+ Namespace is the namespace which is allowed to create a DomainMapping
+ using this ClusterDomainClaim's name.
+ type: string
+ names:
+ kind: ClusterDomainClaim
+ plural: clusterdomainclaims
+ singular: clusterdomainclaim
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - cdc
+ scope: Cluster
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: domainmappings.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: serving.knative.dev
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ "schema":
+ "openAPIV3Schema":
+ description: DomainMapping is a mapping from a custom hostname to an Addressable.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - ref
+ properties:
+ ref:
+ description: |-
+ Ref specifies the target of the Domain Mapping.
+
+ The object identified by the Ref must be an Addressable with a URL of the
+ form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain,
+ and `{name}` and `{namespace}` are the name and namespace of a Kubernetes
+ Service.
+
+ This contract is satisfied by Knative types such as Knative Services and
+ Knative Routes, and by Kubernetes Services.
+ type: object
+ required:
+ - kind
+ - name
+ properties:
+ address:
+ description: Address points to a specific Address Name.
+ type: string
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ group:
+ description: |-
+ Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup.
+ Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ This is optional field, it gets defaulted to the object holding it if left out.
+ type: string
+ tls:
+ description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
+ type: object
+ required:
+ - secretName
+ properties:
+ secretName:
+ description: SecretName is the name of the existing secret used to terminate TLS traffic.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the DomainMapping.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a DomainMapping to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ url:
+ description: URL is the URL of this DomainMapping.
+ type: string
+ names:
+ kind: DomainMapping
+ plural: domainmappings
+ singular: domainmapping
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - dm
+ scope: Namespaced
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ingresses.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined
+ by a backend. An Ingress can be configured to give services externally-reachable URLs, load
+ balance traffic, offer name based virtual hosting, etc.
+
+ This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress
+ which some highlighted modifications.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ httpOption:
+ description: |-
+ HTTPOption is the option of HTTP. It has the following two values:
+ `HTTPOptionEnabled`, `HTTPOptionRedirected`
+ type: string
+ rules:
+ description: A list of host rules used to configure the Ingress.
+ type: array
+ items:
+ description: |-
+ IngressRule represents the rules mapping the paths under a specified host to
+ the related backend services. Incoming requests are first evaluated for a host
+ match, then routed to the backend associated with the matching IngressRuleValue.
+ type: object
+ properties:
+ hosts:
+ description: |-
+ Host is the fully qualified domain name of a network host, as defined
+ by RFC 3986. Note the following deviations from the "host" part of the
+ URI as defined in the RFC:
+ 1. IPs are not allowed. Currently a rule value can only apply to the
+ IP in the Spec of the parent .
+ 2. The `:` delimiter is not respected because ports are not allowed.
+ Currently the port of an Ingress is implicitly :80 for http and
+ :443 for https.
+ Both these may change in the future.
+ If the host is unspecified, the Ingress routes all traffic based on the
+ specified IngressRuleValue.
+ If multiple matching Hosts were provided, the first rule will take precedent.
+ type: array
+ items:
+ type: string
+ http:
+ description: |-
+ HTTP represents a rule to apply against incoming requests. If the
+ rule is satisfied, the request is routed to the specified backend.
+ type: object
+ required:
+ - paths
+ properties:
+ paths:
+ description: |-
+ A collection of paths that map requests to backends.
+
+ If they are multiple matching paths, the first match takes precedence.
+ type: array
+ items:
+ description: |-
+ HTTPIngressPath associates a path regex with a backend. Incoming URLs matching
+ the path are forwarded to the backend.
+ type: object
+ required:
+ - splits
+ properties:
+ appendHeaders:
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
+ type: object
+ additionalProperties:
+ type: string
+ headers:
+ description: |-
+ Headers defines header matching rules which is a map from a header name
+ to HeaderMatch which specify a matching condition.
+ When a request matched with all the header matching rules,
+ the request is routed by the corresponding ingress rule.
+ If it is empty, the headers are not used for matching
+ type: object
+ additionalProperties:
+ description: |-
+ HeaderMatch represents a matching value of Headers in HTTPIngressPath.
+ Currently, only the exact matching is supported.
+ type: object
+ required:
+ - exact
+ properties:
+ exact:
+ type: string
+ path:
+ description: |-
+ Path represents a literal prefix to which this rule should apply.
+ Currently it can contain characters disallowed from the conventional
+ "path" part of a URL as defined by RFC 3986. Paths must begin with
+ a '/'. If unspecified, the path defaults to a catch all sending
+ traffic to the backend.
+ type: string
+ rewriteHost:
+ description: |-
+ RewriteHost rewrites the incoming request's host header.
+
+ This field is currently experimental and not supported by all Ingress
+ implementations.
+ type: string
+ splits:
+ description: |-
+ Splits defines the referenced service endpoints to which the traffic
+ will be forwarded to.
+ type: array
+ items:
+ description: IngressBackendSplit describes all endpoints for a given service and port.
+ type: object
+ required:
+ - serviceName
+ - serviceNamespace
+ - servicePort
+ properties:
+ appendHeaders:
+ description: |-
+ AppendHeaders allow specifying additional HTTP headers to add
+ before forwarding a request to the destination service.
+
+ NOTE: This differs from K8s Ingress which doesn't allow header appending.
+ type: object
+ additionalProperties:
+ type: string
+ percent:
+ description: |-
+ Specifies the split percentage, a number between 0 and 100. If
+ only one split is specified, we default to 100.
+
+ NOTE: This differs from K8s Ingress to allow percentage split.
+ type: integer
+ serviceName:
+ description: Specifies the name of the referenced service.
+ type: string
+ serviceNamespace:
+ description: |-
+ Specifies the namespace of the referenced service.
+
+ NOTE: This differs from K8s Ingress to allow routing to different namespaces.
+ type: string
+ servicePort:
+ description: Specifies the port of the referenced service.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ visibility:
+ description: |-
+ Visibility signifies whether this rule should `ClusterLocal`. If it's not
+ specified then it defaults to `ExternalIP`.
+ type: string
+ tls:
+ description: |-
+ TLS configuration. Currently Ingress only supports a single TLS
+ port: 443. If multiple members of this list specify different hosts, they
+ will be multiplexed on the same port according to the hostname specified
+ through the SNI TLS extension, if the ingress controller fulfilling the
+ ingress supports SNI.
+ type: array
+ items:
+ description: IngressTLS describes the transport layer security associated with an Ingress.
+ type: object
+ properties:
+ hosts:
+ description: |-
+ Hosts is a list of hosts included in the TLS certificate. The values in
+ this list must match the name/s used in the tlsSecret. Defaults to the
+ wildcard host setting for the loadbalancer controller fulfilling this
+ Ingress, if left unspecified.
+ type: array
+ items:
+ type: string
+ secretName:
+ description: SecretName is the name of the secret used to terminate SSL traffic.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the secret used to terminate SSL traffic.
+ If not set the namespace should be assumed to be the same as the Ingress.
+ If set the secret should have the same namespace as the Ingress otherwise
+ the behaviour is undefined and not supported.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the Ingress.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ privateLoadBalancer:
+ description: PrivateLoadBalancer contains the current status of the load-balancer.
+ type: object
+ properties:
+ ingress:
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
+ type: array
+ items:
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
+ type: object
+ properties:
+ domain:
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
+ type: string
+ domainInternal:
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
+ type: string
+ ip:
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
+ type: string
+ meshOnly:
+ description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
+ type: boolean
+ publicLoadBalancer:
+ description: PublicLoadBalancer contains the current status of the load-balancer.
+ type: object
+ properties:
+ ingress:
+ description: |-
+ Ingress is a list containing ingress points for the load-balancer.
+ Traffic intended for the service should be sent to these ingress points.
+ type: array
+ items:
+ description: |-
+ LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
+ traffic intended for the service should be sent to an ingress point.
+ type: object
+ properties:
+ domain:
+ description: |-
+ Domain is set for load-balancer ingress points that are DNS based
+ (typically AWS load-balancers)
+ type: string
+ domainInternal:
+ description: |-
+ DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
+
+ NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
+ DNS name to allow routing in case of not having a mesh.
+ type: string
+ ip:
+ description: |-
+ IP is set for load-balancer ingress points that are IP based
+ (typically GCE or OpenStack load-balancers)
+ type: string
+ meshOnly:
+ description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
+ type: boolean
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ names:
+ kind: Ingress
+ plural: ingresses
+ singular: ingress
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - kingress
+ - king
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metrics.autoscaling.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: autoscaling.internal.knative.dev
+ names:
+ kind: Metric
+ plural: metrics
+ singular: metric
+ categories:
+ - knative-internal
+ - autoscaling
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: Metric represents a resource to configure the metric collector with.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Metric (from the client).
+ type: object
+ required:
+ - panicWindow
+ - scrapeTarget
+ - stableWindow
+ properties:
+ panicWindow:
+ description: PanicWindow is the aggregation window for metrics where quick reactions are needed.
+ type: integer
+ format: int64
+ scrapeTarget:
+ description: ScrapeTarget is the K8s service that publishes the metric endpoint.
+ type: string
+ stableWindow:
+ description: StableWindow is the aggregation window for metrics in a stable state.
+ type: integer
+ format: int64
+ status:
+ description: Status communicates the observed state of the Metric (from the controller).
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: podautoscalers.autoscaling.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: autoscaling.internal.knative.dev
+ names:
+ kind: PodAutoscaler
+ plural: podautoscalers
+ singular: podautoscaler
+ categories:
+ - knative-internal
+ - autoscaling
+ shortNames:
+ - kpa
+ - pa
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: DesiredScale
+ type: integer
+ jsonPath: ".status.desiredScale"
+ - name: ActualScale
+ type: integer
+ jsonPath: ".status.actualScale"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative
+ components instantiate autoscalers. This definition is an abstraction that may be backed
+ by multiple definitions. For more information, see the Knative Pluggability presentation:
+ https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the PodAutoscaler (from the client).
+ type: object
+ required:
+ - protocolType
+ - scaleTargetRef
+ properties:
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed
+ in-flight (concurrent) requests per container of the Revision.
+ Defaults to `0` which means unlimited concurrency.
+ type: integer
+ format: int64
+ protocolType:
+ description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec.
+ type: string
+ reachability:
+ description: |-
+ Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route).
+ Defaults to `ReachabilityUnknown`
+ type: string
+ scaleTargetRef:
+ description: |-
+ ScaleTargetRef defines the /scale-able resource that this PodAutoscaler
+ is responsible for quickly right-sizing.
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ x-kubernetes-map-type: atomic
+ status:
+ description: Status communicates the observed state of the PodAutoscaler (from the controller).
+ type: object
+ required:
+ - metricsServiceName
+ - serviceName
+ properties:
+ actualScale:
+ description: ActualScale shows the actual number of replicas for the revision.
+ type: integer
+ format: int32
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ desiredScale:
+ description: DesiredScale shows the current desired number of replicas for the revision.
+ type: integer
+ format: int32
+ metricsServiceName:
+ description: |-
+ MetricsServiceName is the K8s Service name that provides revision metrics.
+ The service is managed by the PA object.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ serviceName:
+ description: |-
+ ServiceName is the K8s Service name that serves the revision, scaled by this PA.
+ The service is created and owned by the ServerlessService object owned by this PA.
+ type: string
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: revisions.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Revision
+ plural: revisions
+ singular: revision
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - rev
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Config Name
+ type: string
+ jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
+ - name: Generation
+ type: string # int in string form :(
+ jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ - name: Actual Replicas
+ type: integer
+ jsonPath: ".status.actualReplicas"
+ - name: Desired Replicas
+ type: integer
+ jsonPath: ".status.desiredReplicas"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Revision is an immutable snapshot of code and configuration. A revision
+ references a container image. Revisions are created by updates to a
+ Configuration.
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ status:
+ description: RevisionStatus communicates the observed state of the Revision (from the controller).
+ type: object
+ properties:
+ actualReplicas:
+ description: ActualReplicas reflects the amount of ready pods running this revision.
+ type: integer
+ format: int32
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ containerStatuses:
+ description: |-
+ ContainerStatuses is a slice of images present in .Spec.Container[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
+ type: array
+ items:
+ description: ContainerStatus holds the information of container name and image digest value
+ type: object
+ properties:
+ imageDigest:
+ type: string
+ name:
+ type: string
+ desiredReplicas:
+ description: DesiredReplicas reflects the desired amount of pods running this revision.
+ type: integer
+ format: int32
+ initContainerStatuses:
+ description: |-
+ InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image
+ to their respective digests and their container name.
+ The digests are resolved during the creation of Revision.
+ ContainerStatuses holds the container name and image digests
+ for both serving and non serving containers.
+ ref: http://bit.ly/image-digests
+ type: array
+ items:
+ description: ContainerStatus holds the information of container name and image digest value
+ type: object
+ properties:
+ imageDigest:
+ type: string
+ name:
+ type: string
+ logUrl:
+ description: |-
+ LogURL specifies the generated logging url for this particular revision
+ based on the revision url template specified in the controller's config.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: routes.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/addressable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Route
+ plural: routes
+ singular: route
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - rt
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Route is responsible for configuring ingress over a collection of Revisions.
+ Some of the Revisions a Route distributes traffic over may be specified by
+ referencing the Configuration responsible for creating them; in these cases
+ the Route is additionally responsible for monitoring the Configuration for
+ "latest ready revision" changes, and smoothly rolling out latest revisions.
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec holds the desired state of the Route (from the client).
+ type: object
+ properties:
+ traffic:
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ status:
+ description: Status communicates the observed state of the Route (from the controller).
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a Route to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ traffic:
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ url:
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ type: string
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: serverlessservices.networking.internal.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+spec:
+ group: networking.internal.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ServerlessService is a proxy for the K8s service objects containing the
+ endpoints for the revision, whether those are endpoints of the activator or
+ revision pods.
+ See: https://knative.page.link/naxz for details.
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec is the desired state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ required:
+ - objectRef
+ - protocolType
+ properties:
+ mode:
+ description: Mode describes the mode of operation of the ServerlessService.
+ type: string
+ numActivators:
+ description: |-
+ NumActivators contains number of Activators that this revision should be
+ assigned.
+ O means — assign all.
+ type: integer
+ format: int32
+ objectRef:
+ description: |-
+ ObjectRef defines the resource that this ServerlessService
+ is responsible for making "serverless".
+ type: object
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ x-kubernetes-map-type: atomic
+ protocolType:
+ description: |-
+ The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision.
+ serving imports networking, so just use string.
+ type: string
+ status:
+ description: |-
+ Status is the current state of the ServerlessService.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type: object
+ properties:
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ privateServiceName:
+ description: |-
+ PrivateServiceName holds the name of a core K8s Service resource that
+ load balances over the user service pods backing this Revision.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName holds the name of a core K8s Service resource that
+ load balances over the pods backing this Revision (activator or revision).
+ type: string
+ additionalPrinterColumns:
+ - name: Mode
+ type: string
+ jsonPath: ".spec.mode"
+ - name: Activators
+ type: integer
+ jsonPath: ".spec.numActivators"
+ - name: ServiceName
+ type: string
+ jsonPath: ".status.serviceName"
+ - name: PrivateServiceName
+ type: string
+ jsonPath: ".status.privateServiceName"
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ names:
+ kind: ServerlessService
+ plural: serverlessservices
+ singular: serverlessservice
+ categories:
+ - knative-internal
+ - networking
+ shortNames:
+ - sks
+ scope: Namespaced
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: services.serving.knative.dev
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ knative.dev/crd-install: "true"
+ duck.knative.dev/addressable: "true"
+ duck.knative.dev/podspecable: "true"
+spec:
+ group: serving.knative.dev
+ names:
+ kind: Service
+ plural: services
+ singular: service
+ categories:
+ - all
+ - knative
+ - serving
+ shortNames:
+ - kservice
+ - ksvc
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: URL
+ type: string
+ jsonPath: .status.url
+ - name: LatestCreated
+ type: string
+ jsonPath: .status.latestCreatedRevisionName
+ - name: LatestReady
+ type: string
+ jsonPath: .status.latestReadyRevisionName
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Service acts as a top-level container that manages a Route and Configuration
+ which implement a network service. Service exists to provide a singular
+ abstraction which can be access controlled, reasoned about, and which
+ encapsulates software lifecycle decisions such as rollout policy and
+ team resource ownership. Service acts only as an orchestrator of the
+ underlying Routes and Configurations (much as a kubernetes Deployment
+ orchestrates ReplicaSets), and its usage is optional but recommended.
+
+ The Service's controller will track the statuses of its owned Configuration
+ and Route, reflecting their statuses and conditions as its own.
+
+ See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service
+ type: object
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ ServiceSpec represents the configuration for the Service object.
+ A Service's specification is the union of the specifications for a Route
+ and Configuration. The Service restricts what can be expressed in these
+ fields, e.g. the Route must reference the provided Configuration;
+ however, these limitations also enable friendlier defaulting,
+ e.g. Route never needs a Configuration name, and may be defaulted to
+ the appropriate "run latest" spec.
+ type: object
+ properties:
+ template:
+ description: Template holds the latest specification for the Revision to be stamped out.
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ annotations:
+ type: object
+ additionalProperties:
+ type: string
+ finalizers:
+ type: array
+ items:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ x-kubernetes-preserve-unknown-fields: true
+ spec:
+ description: RevisionSpec holds the desired state of the Revision (from the client).
+ type: object
+ required:
+ - containers
+ properties:
+ affinity:
+ description: This is accessible behind a feature flag - kubernetes.podspec-affinity
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containerConcurrency:
+ description: |-
+ ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
+ requests per container of the Revision. Defaults to `0` which means
+ concurrency to the application is not limited, and the system decides the
+ target concurrency for the autoscaler.
+ type: integer
+ format: int64
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ type: array
+ items:
+ description: A single application container that you want to run within a pod.
+ type: object
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ type: object
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ resourceFieldRef:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-fieldref
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ type: object
+ required:
+ - key
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ type: array
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
+ type: object
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ type: array
+ items:
+ description: ContainerPort represents a network port in a single container.
+ type: object
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ type: integer
+ format: int32
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ default: TCP
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ properties:
+ limits:
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ requests:
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ additionalProperties:
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ type: object
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ properties:
+ add:
+ description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ type: array
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ x-kubernetes-list-type: atomic
+ privileged:
+ description: |-
+ Run container in privileged mode. This can only be set to explicitly to 'false'
+ type: boolean
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: integer
+ format: int64
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: object
+ required:
+ - type
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: object
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the container.
+ type: object
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ type: integer
+ format: int32
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ type: object
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ type: integer
+ format: int32
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ default: ""
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ type: object
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ type: array
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ type: integer
+ format: int32
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ type: integer
+ format: int32
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ type: object
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ type: integer
+ format: int32
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ type: array
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ type: object
+ required:
+ - mountPath
+ - name
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ dnsConfig:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dnsPolicy:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
+ type: boolean
+ hostAliases:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostaliases
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostIPC:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostipc
+ type: boolean
+ hostNetwork:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
+ type: boolean
+ hostPID:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-hostpid
+ type: boolean
+ idleTimeoutSeconds:
+ description: |-
+ IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
+ to stay open while not receiving any bytes from the user's application. If
+ unspecified, a system default will be provided.
+ type: integer
+ format: int64
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ type: array
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ type: object
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ nodeSelector:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-nodeselector
+ type: object
+ additionalProperties:
+ type: string
+ x-kubernetes-map-type: atomic
+ priorityClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
+ type: string
+ responseStartTimeoutSeconds:
+ description: |-
+ ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
+ routing layer will wait for a request delivered to a container to begin
+ sending any network traffic.
+ type: integer
+ format: int64
+ runtimeClassName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
+ type: string
+ schedulerName:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-schedulername
+ type: string
+ securityContext:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-securitycontext
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ shareProcessNamespace:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
+ type: boolean
+ timeoutSeconds:
+ description: |-
+ TimeoutSeconds is the maximum duration in seconds that the request instance
+ is allowed to respond to a request. If unspecified, a system default will
+ be provided.
+ type: integer
+ format: int64
+ tolerations:
+ description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: array
+ items:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-tolerations
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ topologySpreadConstraints:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: array
+ items:
+ description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ type: array
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ type: object
+ required:
+ - name
+ properties:
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ csi:
+ description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ emptyDir:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ hostPath:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ image:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-volumes-image
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ persistentVolumeClaim:
+ description: |-
+ This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ type: array
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ type: object
+ properties:
+ configMap:
+ description: configMap information about the configMap data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ type: object
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ type: array
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ type: object
+ required:
+ - path
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ type: object
+ required:
+ - fieldPath
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ type: object
+ required:
+ - resource
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ x-kubernetes-map-type: atomic
+ x-kubernetes-list-type: atomic
+ secret:
+ description: secret information about the secret data to project
+ type: object
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ default: ""
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ type: object
+ required:
+ - path
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ type: integer
+ format: int64
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ x-kubernetes-list-type: atomic
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: object
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ type: array
+ items:
+ description: Maps a string key to a path within a volume.
+ type: object
+ required:
+ - key
+ - path
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ type: integer
+ format: int32
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ traffic:
+ description: |-
+ Traffic specifies how to distribute traffic over a collection of
+ revisions and configurations.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ status:
+ description: ServiceStatus represents the Status stanza of the Service resource.
+ type: object
+ properties:
+ address:
+ description: Address holds the information needed for a Route to be the target of an event.
+ type: object
+ properties:
+ CACerts:
+ description: |-
+ CACerts is the Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ type: string
+ audience:
+ description: Audience is the OIDC audience for this address.
+ type: string
+ name:
+ description: Name is the name of the address.
+ type: string
+ url:
+ type: string
+ annotations:
+ description: |-
+ Annotations is additional Status fields for the Resource to save some
+ additional State as well as convey more information to the user. This is
+ roughly akin to Annotations on any k8s resource, just the reconciler conveying
+ richer information outwards.
+ type: object
+ additionalProperties:
+ type: string
+ conditions:
+ description: Conditions the latest available observations of a resource's current state.
+ type: array
+ items:
+ description: |-
+ Condition defines a readiness condition for a Knative resource.
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time the condition transitioned from one status to another.
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
+ differences (all other things held constant).
+ type: string
+ message:
+ description: A human readable message indicating details about the transition.
+ type: string
+ reason:
+ description: The reason for the condition's last transition.
+ type: string
+ severity:
+ description: |-
+ Severity with which to treat failures of this type of condition.
+ When this is not specified, it defaults to Error.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition.
+ type: string
+ latestCreatedRevisionName:
+ description: |-
+ LatestCreatedRevisionName is the last revision that was created from this
+ Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
+ type: string
+ latestReadyRevisionName:
+ description: |-
+ LatestReadyRevisionName holds the name of the latest Revision stamped out
+ from this Configuration that has had its "Ready" condition become "True".
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the 'Generation' of the Service that
+ was last processed by the controller.
+ type: integer
+ format: int64
+ traffic:
+ description: |-
+ Traffic holds the configured traffic distribution.
+ These entries will always contain RevisionName references.
+ When ConfigurationName appears in the spec, this will hold the
+ LatestReadyRevisionName that we last observed.
+ type: array
+ items:
+ description: TrafficTarget holds a single entry of the routing table for a Route.
+ type: object
+ properties:
+ configurationName:
+ description: |-
+ ConfigurationName of a configuration to whose latest revision we will send
+ this portion of traffic. When the "status.latestReadyRevisionName" of the
+ referenced configuration changes, we will automatically migrate traffic
+ from the prior "latest ready" revision to the new one. This field is never
+ set in Route's status, only its spec. This is mutually exclusive with
+ RevisionName.
+ type: string
+ latestRevision:
+ description: |-
+ LatestRevision may be optionally provided to indicate that the latest
+ ready Revision of the Configuration should be used for this traffic
+ target. When provided LatestRevision must be true if RevisionName is
+ empty; it must be false when RevisionName is non-empty.
+ type: boolean
+ percent:
+ description: |-
+ Percent indicates that percentage based routing should be used and
+ the value indicates the percent of traffic that is be routed to this
+ Revision or Configuration. `0` (zero) mean no traffic, `100` means all
+ traffic.
+ When percentage based routing is being used the follow rules apply:
+ - the sum of all percent values must equal 100
+ - when not specified, the implied value for `percent` is zero for
+ that particular Revision or Configuration
+ type: integer
+ format: int64
+ revisionName:
+ description: |-
+ RevisionName of a specific revision to which to send this portion of
+ traffic. This is mutually exclusive with ConfigurationName.
+ type: string
+ tag:
+ description: |-
+ Tag is optionally used to expose a dedicated url for referencing
+ this target exclusively.
+ type: string
+ url:
+ description: |-
+ URL displays the URL for accessing named traffic targets. URL is displayed in
+ status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
+ a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
+ type: string
+ url:
+ description: |-
+ URL holds the url that will distribute traffic over the provided traffic targets.
+ It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
+ type: string
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: caching.internal.knative.dev/v1alpha1
+kind: Image
+metadata:
+ name: queue-proxy
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: queue-proxy
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:1310917822086a5d8daa6328f6014001d5ea7ccfb0afc1a4e74b1b6a2eadc5ba
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-autoscaler
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: autoscaler
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "47c2487f"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # The Revision ContainerConcurrency field specifies the maximum number
+ # of requests the Container can handle at once. Container concurrency
+ # target percentage is how much of that maximum to use in a stable
+ # state. E.g. if a Revision specifies ContainerConcurrency of 10, then
+ # the Autoscaler will try to maintain 7 concurrent connections per pod
+ # on average.
+ # Note: this limit will be applied to container concurrency set at every
+ # level (ConfigMap, Revision Spec or Annotation).
+ # For legacy and backwards compatibility reasons, this value also accepts
+ # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%).
+ # Thus minimal percentage value must be greater than 1.0, or it will be
+ # treated as a fraction.
+ # NOTE: that this value does not affect actual number of concurrent requests
+ # the user container may receive, but only the average number of requests
+ # that the revision pods will receive.
+ container-concurrency-target-percentage: "70"
+
+ # The container concurrency target default is what the Autoscaler will
+ # try to maintain when concurrency is used as the scaling metric for the
+ # Revision and the Revision specifies unlimited concurrency.
+ # When revision explicitly specifies container concurrency, that value
+ # will be used as a scaling target for autoscaler.
+ # When specifying unlimited concurrency, the autoscaler will
+ # horizontally scale the application based on this target concurrency.
+ # This is what we call "soft limit" in the documentation, i.e. it only
+ # affects number of pods and does not affect the number of requests
+ # individual pod processes.
+ # The value must be a positive number such that the value multiplied
+ # by container-concurrency-target-percentage is greater than 0.01.
+ # NOTE: that this value will be adjusted by application of
+ # container-concurrency-target-percentage, i.e. by default
+ # the system will target on average 70 concurrent requests
+ # per revision pod.
+ # NOTE: Only one metric can be used for autoscaling a Revision.
+ container-concurrency-target-default: "100"
+
+ # The requests per second (RPS) target default is what the Autoscaler will
+ # try to maintain when RPS is used as the scaling metric for a Revision and
+ # the Revision specifies unlimited RPS. Even when specifying unlimited RPS,
+ # the autoscaler will horizontally scale the application based on this
+ # target RPS.
+ # Must be greater than 1.0.
+ # NOTE: Only one metric can be used for autoscaling a Revision.
+ requests-per-second-target-default: "200"
+
+ # The target burst capacity specifies the size of burst in concurrent
+ # requests that the system operator expects the system will receive.
+ # Autoscaler will try to protect the system from queueing by introducing
+ # Activator in the request path if the current spare capacity of the
+ # service is less than this setting.
+ # If this setting is 0, then Activator will be in the request path only
+ # when the revision is scaled to 0.
+ # If this setting is > 0 and container-concurrency-target-percentage is
+ # 100% or 1.0, then activator will always be in the request path.
+ # -1 denotes unlimited target-burst-capacity and activator will always
+ # be in the request path.
+ # Other negative values are invalid.
+ target-burst-capacity: "211"
+
+ # When operating in a stable mode, the autoscaler operates on the
+ # average concurrency over the stable window.
+ # Stable window must be in whole seconds.
+ stable-window: "60s"
+
+ # When observed average concurrency during the panic window reaches
+ # panic-threshold-percentage the target concurrency, the autoscaler
+ # enters panic mode. When operating in panic mode, the autoscaler
+ # scales on the average concurrency over the panic window which is
+ # panic-window-percentage of the stable-window.
+ # Must be in the [1, 100] range.
+ # When computing the panic window it will be rounded to the closest
+ # whole second, at least 1s.
+ panic-window-percentage: "10.0"
+
+ # The percentage of the container concurrency target at which to
+ # enter panic mode when reached within the panic window.
+ panic-threshold-percentage: "200.0"
+
+ # Max scale up rate limits the rate at which the autoscaler will
+ # increase pod count. It is the maximum ratio of desired pods versus
+ # observed pods.
+ # Cannot be less or equal to 1.
+ # I.e with value of 2.0 the number of pods can at most go N to 2N
+ # over single Autoscaler period (2s), but at least N to
+ # N+1, if Autoscaler needs to scale up.
+ max-scale-up-rate: "1000.0"
+
+ # Max scale down rate limits the rate at which the autoscaler will
+ # decrease pod count. It is the maximum ratio of observed pods versus
+ # desired pods.
+ # Cannot be less or equal to 1.
+ # I.e. with value of 2.0 the number of pods can at most go N to N/2
+ # over single Autoscaler evaluation period (2s), but at
+ # least N to N-1, if Autoscaler needs to scale down.
+ max-scale-down-rate: "2.0"
+
+ # Scale to zero feature flag.
+ enable-scale-to-zero: "true"
+
+ # Scale to zero grace period is the time an inactive revision is left
+ # running before it is scaled to zero (must be positive, but recommended
+ # at least a few seconds if running with mesh networking).
+ # This is the upper limit and is provided not to enforce timeout after
+ # the revision stopped receiving requests for stable window, but to
+ # ensure network reprogramming to put activator in the path has completed.
+ # If the system determines that a shorter period is satisfactory,
+ # then the system will only wait that amount of time before scaling to 0.
+ # NOTE: this period might actually be 0, if activator has been
+ # in the request path sufficiently long.
+ # If there is necessity for the last pod to linger longer use
+ # scale-to-zero-pod-retention-period flag.
+ scale-to-zero-grace-period: "30s"
+
+ # Scale to zero pod retention period defines the minimum amount
+ # of time the last pod will remain after Autoscaler has decided to
+ # scale to zero.
+ # This flag is for the situations where the pod startup is very expensive
+ # and the traffic is bursty (requiring smaller windows for fast action),
+ # but patchy.
+ # The larger of this flag and `scale-to-zero-grace-period` will effectively
+ # determine how the last pod will hang around.
+ scale-to-zero-pod-retention-period: "0s"
+
+ # pod-autoscaler-class specifies the default pod autoscaler class
+ # that should be used if none is specified. If omitted,
+ # the Knative Pod Autoscaler (KPA) is used by default.
+ pod-autoscaler-class: "kpa.autoscaling.knative.dev"
+
+ # The capacity of a single activator task.
+ # The `unit` is one concurrent request proxied by the activator.
+ # activator-capacity must be at least 1.
+ # This value is used for computation of the Activator subset size.
+ # See the algorithm here: http://bit.ly/38XiCZ3.
+ # TODO(vagababov): tune after actual benchmarking.
+ activator-capacity: "100.0"
+
+ # initial-scale is the cluster-wide default value for the initial target
+ # scale of a revision after creation, unless overridden by the
+ # "autoscaling.knative.dev/initialScale" annotation.
+ # This value must be greater than 0 unless allow-zero-initial-scale is true.
+ initial-scale: "1"
+
+ # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag,
+ # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0.
+ allow-zero-initial-scale: "false"
+
+ # min-scale is the cluster-wide default value for the min scale of a revision,
+ # unless overridden by the "autoscaling.knative.dev/minScale" annotation.
+ min-scale: "0"
+
+ # max-scale is the cluster-wide default value for the max scale of a revision,
+ # unless overridden by the "autoscaling.knative.dev/maxScale" annotation.
+ # If set to 0, the revision has no maximum scale.
+ max-scale: "0"
+
+ # scale-down-delay is the amount of time that must pass at reduced
+ # concurrency before a scale down decision is applied. This can be useful,
+ # for example, to maintain replica count and avoid a cold start penalty if
+ # more requests come in within the scale down delay period.
+ # The default, 0s, imposes no delay at all.
+ scale-down-delay: "0s"
+
+ # max-scale-limit sets the maximum permitted value for the max scale of a revision.
+ # When this is set to a positive value, a revision with a maxScale above that value
+ # (including a maxScale of "0" = unlimited) is disallowed.
+ # A value of zero (the default) allows any limit, including unlimited.
+ max-scale-limit: "0"
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-certmanager
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ networking.knative.dev/certificate-provider: cert-manager
+ annotations:
+ knative.dev/example-checksum: "b7a9a602"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this block and unindented to actually change the configuration.
+
+ # issuerRef is a reference to the issuer for external-domain certificates used for ingress.
+ # IssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about IssuerRef configuration.
+ # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ issuerRef: |
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
+
+ # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
+ # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ clusterLocalIssuerRef: |
+ kind: ClusterIssuer
+ name: your-company-issuer
+
+ # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
+ # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
+ # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/
+ # for more details about ClusterInternalIssuerRef configuration.
+ # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
+ systemInternalIssuerRef: |
+ kind: ClusterIssuer
+ name: knative-selfsigned-issuer
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-defaults
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "5b64ff5c"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # revision-timeout-seconds contains the default number of
+ # seconds to use for the revision's per-request timeout, if
+ # none is specified.
+ revision-timeout-seconds: "300" # 5 minutes
+
+ # max-revision-timeout-seconds contains the maximum number of
+ # seconds that can be used for revision-timeout-seconds.
+ # This value must be greater than or equal to revision-timeout-seconds.
+ # If omitted, the system default is used (600 seconds).
+ #
+ # If this value is increased, the activator's terminationGracePeriodSeconds
+ # should also be increased to prevent in-flight requests being disrupted.
+ max-revision-timeout-seconds: "600" # 10 minutes
+
+ # revision-response-start-timeout-seconds contains the default number of
+ # seconds a request will be allowed to stay open while waiting to
+ # receive any bytes from the user's application, if none is specified.
+ #
+ # This defaults to 'revision-timeout-seconds'
+ revision-response-start-timeout-seconds: "300"
+
+ # revision-idle-timeout-seconds contains the default number of
+ # seconds a request will be allowed to stay open while not receiving any
+ # bytes from the user's application, if none is specified.
+ revision-idle-timeout-seconds: "0" # infinite
+
+ # revision-cpu-request contains the cpu allocation to assign
+ # to revisions by default. If omitted, no value is specified
+ # and the system default is used.
+ # Below is an example of setting revision-cpu-request.
+ # By default, it is not set by Knative.
+ revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU)
+
+ # revision-memory-request contains the memory allocation to assign
+ # to revisions by default. If omitted, no value is specified
+ # and the system default is used.
+ # Below is an example of setting revision-memory-request.
+ # By default, it is not set by Knative.
+ revision-memory-request: "100M" # 100 megabytes of memory
+
+ # revision-ephemeral-storage-request contains the ephemeral storage
+ # allocation to assign to revisions by default. If omitted, no value is
+ # specified and the system default is used.
+ revision-ephemeral-storage-request: "500M" # 500 megabytes of storage
+
+ # revision-cpu-limit contains the cpu allocation to limit
+ # revisions to by default. If omitted, no value is specified
+ # and the system default is used.
+ # Below is an example of setting revision-cpu-limit.
+ # By default, it is not set by Knative.
+ revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU)
+
+ # revision-memory-limit contains the memory allocation to limit
+ # revisions to by default. If omitted, no value is specified
+ # and the system default is used.
+ # Below is an example of setting revision-memory-limit.
+ # By default, it is not set by Knative.
+ revision-memory-limit: "200M" # 200 megabytes of memory
+
+ # revision-ephemeral-storage-limit contains the ephemeral storage
+ # allocation to limit revisions to by default. If omitted, no value is
+ # specified and the system default is used.
+ revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage
+
+ # container-name-template contains a template for the default
+ # container name, if none is specified. This field supports
+ # Go templating and is supplied with the ObjectMeta of the
+ # enclosing Service or Configuration, so values such as
+ # {{.Name}} are also valid.
+ container-name-template: "user-container"
+
+ # init-container-name-template contains a template for the default
+ # init container name, if none is specified. This field supports
+ # Go templating and is supplied with the ObjectMeta of the
+ # enclosing Service or Configuration, so values such as
+ # {{.Name}} are also valid.
+ init-container-name-template: "init-container"
+
+ # container-concurrency specifies the maximum number
+ # of requests the Container can handle at once, and requests
+ # above this threshold are queued. Setting a value of zero
+ # disables this throttling and lets through as many requests as
+ # the pod receives.
+ container-concurrency: "0"
+
+ # The container concurrency max limit is an operator setting ensuring that
+ # the individual revisions cannot have arbitrary large concurrency
+ # values, or autoscaling targets. `container-concurrency` default setting
+ # must be at or below this value.
+ #
+ # Must be greater than 1.
+ #
+ # Note: even with this set, a user can choose a containerConcurrency
+ # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is
+ # set to "false".
+ container-concurrency-max-limit: "1000"
+
+ # allow-container-concurrency-zero controls whether users can
+ # specify 0 (i.e. unbounded) for containerConcurrency.
+ allow-container-concurrency-zero: "true"
+
+ # enable-service-links specifies the default value used for the
+ # enableServiceLinks field of the PodSpec, when it is omitted by the user.
+ # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
+ #
+ # This is a tri-state flag with possible values of (true|false|default).
+ #
+ # In environments with large number of services it is suggested
+ # to set this value to `false`.
+ # See https://github.com/knative/serving/issues/8498.
+ enable-service-links: "false"
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-deployment
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "720ddb97"
+data:
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:1310917822086a5d8daa6328f6014001d5ea7ccfb0afc1a4e74b1b6a2eadc5ba
+ _example: |-
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # List of repositories for which tag to digest resolving should be skipped
+ registries-skipping-tag-resolving: "kind.local,ko.local,dev.local"
+
+ # Maximum time allowed for an image's digests to be resolved.
+ digest-resolution-timeout: "10s"
+
+ # Duration we wait for the deployment to be ready before considering it failed.
+ progress-deadline: "600s"
+
+ # Sets the queue proxy's CPU request.
+ # If omitted, a default value (currently "25m"), is used.
+ queue-sidecar-cpu-request: "25m"
+
+ # Sets the queue proxy's CPU limit.
+ # If omitted, a default value (currently "1000m"), is used when
+ # `queueproxy.resource-defaults` is set to `Enabled`.
+ queue-sidecar-cpu-limit: "1000m"
+
+ # Sets the queue proxy's memory request.
+ # If omitted, a default value (currently "400Mi"), is used when
+ # `queueproxy.resource-defaults` is set to `Enabled`.
+ queue-sidecar-memory-request: "400Mi"
+
+ # Sets the queue proxy's memory limit.
+ # If omitted, a default value (currently "800Mi"), is used when
+ # `queueproxy.resource-defaults` is set to `Enabled`.
+ queue-sidecar-memory-limit: "800Mi"
+
+ # Sets the queue proxy's ephemeral storage request.
+ # If omitted, no value is specified and the system default is used.
+ queue-sidecar-ephemeral-storage-request: "512Mi"
+
+ # Sets the queue proxy's ephemeral storage limit.
+ # If omitted, no value is specified and the system default is used.
+ queue-sidecar-ephemeral-storage-limit: "1024Mi"
+
+ # Sets tokens associated with specific audiences for queue proxy - used by QPOptions
+ #
+ # For example, to add the `service-x` audience:
+ # queue-sidecar-token-audiences: "service-x"
+ # Also supports a list of audiences, for example:
+ # queue-sidecar-token-audiences: "service-x,service-y"
+ # If omitted, or empty, no tokens are created
+ queue-sidecar-token-audiences: ""
+
+ # Sets rootCA for the queue proxy - used by QPOptions
+ # If omitted, or empty, no rootCA is added to the golang rootCAs
+ queue-sidecar-rootca: ""
+
+ # If set, it automatically configures pod anti-affinity requirements for all Knative services.
+ # It employs the `preferredDuringSchedulingIgnoredDuringExecution` weighted pod affinity term,
+ # aligning with the Knative revision label. It yields the configuration below in all workloads' deployments:
+ # `
+ # affinity:
+ # podAntiAffinity:
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - podAffinityTerm:
+ # topologyKey: kubernetes.io/hostname
+ # labelSelector:
+ # matchLabels:
+ # serving.knative.dev/revision: {{revision-name}}
+ # weight: 100
+ # `
+ # This may be "none" or "prefer-spread-revision-over-nodes" (default)
+ # default-affinity-type: "prefer-spread-revision-over-nodes"
+
+ # runtime-class-name contains the selector for which runtimeClassName
+ # is selected to put in a revision.
+ # By default, it is not set by Knative.
+ #
+ # Example:
+ # runtime-class-name: |
+ # "":
+ # selector:
+ # use-default-runc: "yes"
+ # kata: {}
+ # gvisor:
+ # selector:
+ # use-gvisor: "please"
+ runtime-class-name: ""
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-domain
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "26c09de5"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # Default value for domain.
+ # Routes having the cluster domain suffix (by default 'svc.cluster.local')
+ # will not be exposed through Ingress. You can define your own label
+ # selector to assign that domain suffix to your Route here, or you can set
+ # the label
+ # "networking.knative.dev/visibility=cluster-local"
+ # to achieve the same effect. This shows how to make routes having
+ # the label app=secret only exposed to the local cluster.
+ svc.cluster.local: |
+ selector:
+ app: secret
+
+ # These are example settings of domain.
+ # example.com will be used for all routes, but it is the least-specific rule so it
+ # will only be used if no other domain matches.
+ example.com: |
+
+ # example.org will be used for routes having app=nonprofit.
+ example.org: |
+ selector:
+ app: nonprofit
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-features
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "0f9b4ade"
+data:
+ _example: |-
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # Default SecurityContext settings to secure-by-default values
+ # if unset.
+ #
+ # This value will default to "enabled" in a future release,
+ # probably Knative 1.10
+ secure-pod-defaults: "disabled"
+
+ # Indicates whether multi container support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-containers
+ multi-container: "enabled"
+
+ # Indicates whether multi container probing is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-container-probing
+ multi-container-probing: "disabled"
+
+ # Indicates whether Kubernetes affinity support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity
+ kubernetes.podspec-affinity: "disabled"
+
+ # Indicates whether Kubernetes topologySpreadConstraints support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints
+ kubernetes.podspec-topologyspreadconstraints: "disabled"
+
+ # Indicates whether Kubernetes hostAliases support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases
+ kubernetes.podspec-hostaliases: "disabled"
+
+ # Indicates whether Kubernetes nodeSelector support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector
+ kubernetes.podspec-nodeselector: "disabled"
+
+ # Indicates whether Kubernetes tolerations support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration
+ kubernetes.podspec-tolerations: "disabled"
+
+ # Indicates whether Kubernetes FieldRef support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref
+ kubernetes.podspec-fieldref: "disabled"
+
+ # Indicates whether Kubernetes RuntimeClassName support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class
+ kubernetes.podspec-runtimeclassname: "disabled"
+
+ # Indicates whether Kubernetes DNSPolicy support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy
+ kubernetes.podspec-dnspolicy: "disabled"
+
+ # Indicates whether Kubernetes DNSConfig support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig
+ kubernetes.podspec-dnsconfig: "disabled"
+
+ # This feature allows end-users to set a subset of fields on the Pod's SecurityContext
+ #
+ # When set to "enabled" or "allowed" it allows the following
+ # PodSecurityContext properties:
+ # - FSGroup
+ # - RunAsGroup
+ # - RunAsNonRoot
+ # - SupplementalGroups
+ # - RunAsUser
+ # - SeccompProfile
+ #
+ # This feature flag should be used with caution as the PodSecurityContext
+ # properties may have a side-effect on non-user sidecar containers that come
+ # from Knative or your service mesh
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context
+ kubernetes.podspec-securitycontext: "disabled"
+
+ # Indicated whether sharing the process namespace via ShareProcessNamespace pod spec is allowed.
+ # This can be especially useful for sharing data from images directly between sidecars
+ #
+ # See: https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-share-process-namespace
+ kubernetes.podspec-shareprocessnamespace: "disabled"
+
+ # Indicates whether hostIPC support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-ipc
+ kubernetes.podspec-hostipc: "disabled"
+
+ # Indicates whether hostPID support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-pid
+ kubernetes.podspec-hostpid: "disabled"
+
+ # Indicates whether hostNetwork support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-network
+ kubernetes.podspec-hostnetwork: "disabled"
+
+ # Indicates whether Kubernetes PriorityClassName support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name
+ kubernetes.podspec-priorityclassname: "disabled"
+
+ # Indicates whether Kubernetes SchedulerName support is enabled
+ #
+ # WARNING: Cannot safely be disabled once enabled.
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name
+ kubernetes.podspec-schedulername: "disabled"
+
+ # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext.
+ #
+ # When set to "enabled" or "allowed" it allows capabilities to be added to the container.
+ # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html
+ kubernetes.containerspec-addcapabilities: "disabled"
+
+ # This feature validates PodSpecs from the validating webhook
+ # against the K8s API Server.
+ #
+ # When "enabled", the server will always run the extra validation.
+ # When "allowed", the server will not run the dry-run validation by default.
+ # However, clients may enable the behavior on an individual Service by
+ # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled".
+ # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run
+ kubernetes.podspec-dryrun: "allowed"
+
+ # Controls whether tag header based routing feature are enabled or not.
+ # 1. Enabled: enabling tag header based routing
+ # 2. Disabled: disabling tag header based routing
+ # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing
+ tag-header-based-routing: "disabled"
+
+ # Controls whether http2 auto-detection should be enabled or not.
+ # 1. Enabled: http2 connection will be attempted via upgrade.
+ # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c".
+ autodetect-http2: "disabled"
+
+ # Controls whether volume support for EmptyDir is enabled or not.
+ # 1. Enabled: enabling EmptyDir volume support
+ # 2. Disabled: disabling EmptyDir volume support
+ kubernetes.podspec-volumes-emptydir: "enabled"
+
+ # Controls whether volume support for image is enabled or not.
+ # 1. Enabled: enabling image volume support
+ # 2. Disabled: disabling image volume support
+ kubernetes.podspec-volumes-image: "disabled"
+
+ # Controls whether volume support for HostPath is enabled or not.
+ # WARNING: Cannot safely be disabled once enabled.
+ # WARNING: If you can avoid using a hostPath volume, you should.
+ # Please read https://kubernetes.io/docs/concepts/storage/volumes/#hostpath before enabling this feature.
+ # 1. Enabled: enabling HostPath volume support
+ # 2. Disabled: disabling HostPath volume support
+ kubernetes.podspec-volumes-hostpath: "disabled"
+
+ # Controls whether volume support for CSI is enabled or not.
+ # 1. Enabled: enabling CSI volume support
+ # 2. Disabled: disabling CSI volume support
+ kubernetes.podspec-volumes-csi: "disabled"
+
+ # Controls whether init containers support is enabled or not.
+ # 1. Enabled: enabling init containers support
+ # 2. Disabled: disabling init containers support
+ kubernetes.podspec-init-containers: "disabled"
+
+ # Controls whether persistent volume claim support is enabled or not.
+ # 1. Enabled: enabling persistent volume claim support
+ # 2. Disabled: disabling persistent volume claim support
+ kubernetes.podspec-persistent-volume-claim: "disabled"
+
+ # Controls whether write access for persistent volumes is enabled or not.
+ # 1. Enabled: enabling write access for persistent volumes
+ # 2. Disabled: disabling write access for persistent volumes
+ kubernetes.podspec-persistent-volume-write: "disabled"
+
+ # Controls whether volume mount propagation support is enabled or not.
+ # 1. Enabled: enabling volume mount propagation support
+ # 2. Disabled: disabling volume mount propagation support
+ kubernetes.podspec-volumes-mount-propagation: "disabled"
+
+ # Controls if the queue proxy podInfo feature is enabled, allowed or disabled
+ #
+ # This feature should be enabled/allowed when using queue proxy Options (Extensions)
+ # Enabling will mount a podInfo volume to the queue proxy container.
+ # The volume will contains an 'annotations' file (from the pod's annotation field).
+ # The annotations in this file include the Service annotations set by the client creating the service.
+ # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations
+ #
+ # 1. "enabled": always mount a podInfo volume
+ # 2. "disabled": never mount a podInfo volume
+ # 3. "allowed": by default, do not mount a podInfo volume
+ # However, a client may mount the podInfo volume on an individual Service by attaching
+ # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled".
+ #
+ # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE
+ queueproxy.mount-podinfo: "disabled"
+
+ # Default queue proxy resource requests and limits to good values for most cases if set.
+ queueproxy.resource-defaults: "disabled"
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-gc
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "aa3813a8"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # ---------------------------------------
+ # Garbage Collector Settings
+ # ---------------------------------------
+ #
+ # Active
+ # * Revisions which are referenced by a Route are considered active.
+ # * Individual revisions may be marked with the annotation
+ # "serving.knative.dev/no-gc":"true" to be permanently considered active.
+ # * Active revisions are not considered for GC.
+ # Retention
+ # * Revisions are retained if they are any of the following:
+ # 1. Active
+ # 2. Were created within "retain-since-create-time"
+ # 3. Were last referenced by a route within
+ # "retain-since-last-active-time"
+ # 4. There are fewer than "min-non-active-revisions"
+ # If none of these conditions are met, or if the count of revisions exceed
+ # "max-non-active-revisions", they will be deleted by GC.
+ # The special value "disabled" may be used to turn off these limits.
+ #
+ # Example config to immediately collect any inactive revision:
+ # min-non-active-revisions: "0"
+ # max-non-active-revisions: "0"
+ # retain-since-create-time: "disabled"
+ # retain-since-last-active-time: "disabled"
+ #
+ # Example config to always keep around the last ten non-active revisions:
+ # retain-since-create-time: "disabled"
+ # retain-since-last-active-time: "disabled"
+ # max-non-active-revisions: "10"
+ #
+ # Example config to disable all garbage collection:
+ # retain-since-create-time: "disabled"
+ # retain-since-last-active-time: "disabled"
+ # max-non-active-revisions: "disabled"
+ #
+ # Example config to keep recently deployed or active revisions,
+ # always maintain the last two in case of rollback, and prevent
+ # burst activity from exploding the count of old revisions:
+ # retain-since-create-time: "48h"
+ # retain-since-last-active-time: "15h"
+ # min-non-active-revisions: "2"
+ # max-non-active-revisions: "1000"
+
+ # Duration since creation before considering a revision for GC or "disabled".
+ retain-since-create-time: "48h"
+
+ # Duration since active before considering a revision for GC or "disabled".
+ retain-since-last-active-time: "15h"
+
+ # Minimum number of non-active revisions to retain.
+ min-non-active-revisions: "20"
+
+ # Maximum number of non-active revisions to retain
+ # or "disabled" to disable any maximum limit.
+ max-non-active-revisions: "1000"
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-leader-election
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "f4b71f57"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # lease-duration is how long non-leaders will wait to try to acquire the
+ # lock; 15 seconds is the value used by core kubernetes controllers.
+ lease-duration: "60s"
+
+ # renew-deadline is how long a leader will try to renew the lease before
+ # giving up; 10 seconds is the value used by core kubernetes controllers.
+ renew-deadline: "40s"
+
+ # retry-period is how long the leader election client waits between tries of
+ # actions; 2 seconds is the value used by core kubernetes controllers.
+ retry-period: "10s"
+
+ # buckets is the number of buckets used to partition key space of each
+ # Reconciler. If this number is M and the replica number of the controller
+ # is N, the N replicas will compete for the M buckets. The owner of a
+ # bucket will take care of the reconciling for the keys partitioned into
+ # that bucket.
+ buckets: "1"
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/component: logging
+ app.kubernetes.io/name: knative-serving
+ annotations:
+ knative.dev/example-checksum: "9f25d429"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # Common configuration for all Knative codebase
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "timestamp",
+ "levelKey": "severity",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "message",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "iso8601",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+
+ # Log level overrides
+ # For all components except the queue proxy,
+ # changes are picked up immediately.
+ # For queue proxy, changes require recreation of the pods.
+ loglevel.controller: "info"
+ loglevel.autoscaler: "info"
+ loglevel.queueproxy: "info"
+ loglevel.webhook: "info"
+ loglevel.activator: "info"
+ loglevel.hpaautoscaler: "info"
+ loglevel.net-istio-controller: "info"
+ loglevel.net-contour-controller: "info"
+ loglevel.net-kourier-controller: "info"
+ loglevel.net-gateway-api-controller: "info"
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-network
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: networking
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "0573e07d"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # ingress-class specifies the default ingress class
+ # to use when not dictated by Route annotation.
+ #
+ # If not specified, will use the Istio ingress.
+ #
+ # Note that changing the Ingress class of an existing Route
+ # will result in undefined behavior. Therefore it is best to only
+ # update this value during the setup of Knative, to avoid getting
+ # undefined behavior.
+ ingress-class: "istio.ingress.networking.knative.dev"
+
+ # certificate-class specifies the default Certificate class
+ # to use when not dictated by Route annotation.
+ #
+ # If not specified, will use the Cert-Manager Certificate.
+ #
+ # Note that changing the Certificate class of an existing Route
+ # will result in undefined behavior. Therefore it is best to only
+ # update this value during the setup of Knative, to avoid getting
+ # undefined behavior.
+ certificate-class: "cert-manager.certificate.networking.knative.dev"
+
+ # namespace-wildcard-cert-selector specifies a LabelSelector which
+ # determines which namespaces should have a wildcard certificate
+ # provisioned.
+ #
+ # Use an empty value to disable the feature (this is the default):
+ # namespace-wildcard-cert-selector: ""
+ #
+ # Use an empty object to enable for all namespaces
+ # namespace-wildcard-cert-selector: {}
+ #
+ # Useful labels include the "kubernetes.io/metadata.name" label to
+ # avoid provisioning a certificate for the "kube-system" namespaces.
+ # Use the following selector to match pre-1.0 behavior of using
+ # "networking.knative.dev/disableWildcardCert" to exclude namespaces:
+ #
+ # matchExpressions:
+ # - key: "networking.knative.dev/disableWildcardCert"
+ # operator: "NotIn"
+ # values: ["true"]
+ namespace-wildcard-cert-selector: ""
+
+ # domain-template specifies the golang text template string to use
+ # when constructing the Knative service's DNS name. The default
+ # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}".
+ #
+ # Valid variables defined in the template include Name, Namespace, Domain,
+ # Labels, and Annotations. Name will be the result of the tag-template
+ # below, if a tag is specified for the route.
+ #
+ # Changing this value might be necessary when the extra levels in
+ # the domain name generated is problematic for wildcard certificates
+ # that only support a single level of domain name added to the
+ # certificate's domain. In those cases you might consider using a value
+ # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace
+ # entirely from the template. When choosing a new value be thoughtful
+ # of the potential for conflicts - for example, when users choose to use
+ # characters such as `-` in their service, or namespace, names.
+ # {{.Annotations}} or {{.Labels}} can be used for any customization in the
+ # go template if needed.
+ # We strongly recommend keeping namespace part of the template to avoid
+ # domain name clashes:
+ # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}'
+ # and you have an annotation {"sub":"foo"}, then the generated template
+ # would be {Name}-{Namespace}.foo.{Domain}
+ domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
+
+ # tag-template specifies the golang text template string to use
+ # when constructing the DNS name for "tags" within the traffic blocks
+ # of Routes and Configuration. This is used in conjunction with the
+ # domain-template above to determine the full URL for the tag.
+ tag-template: "{{.Tag}}-{{.Name}}"
+
+ # auto-tls is deprecated and replaced by external-domain-tls
+ auto-tls: "Disabled"
+
+ # Controls whether TLS certificates are automatically provisioned and
+ # installed in the Knative ingress to terminate TLS connections
+ # for cluster external domains (like: app.example.com)
+ # - Enabled: enables the TLS certificate provisioning feature for cluster external domains.
+ # - Disabled: disables the TLS certificate provisioning feature for cluster external domains.
+ external-domain-tls: "Disabled"
+
+ # Controls weather TLS certificates are automatically provisioned and
+ # installed in the Knative ingress to terminate TLS connections
+ # for cluster local domains (like: app.namespace.svc.)
+ # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains.
+ # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains.
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ cluster-local-domain-tls: "Disabled"
+
+ # internal-encryption is deprecated and replaced by system-internal-tls
+ internal-encryption: "false"
+
+ # system-internal-tls controls weather TLS encryption is used for connections between
+ # the internal components of Knative:
+ # - ingress to activator
+ # - ingress to queue-proxy
+ # - activator to queue-proxy
+ #
+ # Possible values for this flag are:
+ # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains.
+ # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains.
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ system-internal-tls: "Disabled"
+
+ # Controls the behavior of the HTTP endpoint for the Knative ingress.
+ # It requires auto-tls to be enabled.
+ # - Enabled: The Knative ingress will be able to serve HTTP connection.
+ # - Redirected: The Knative ingress will send a 301 redirect for all
+ # http connections, asking the clients to use HTTPS.
+ #
+ # "Disabled" option is deprecated.
+ http-protocol: "Enabled"
+
+ # rollout-duration contains the minimal duration in seconds over which the
+ # Configuration traffic targets are rolled out to the newest revision.
+ rollout-duration: "0"
+
+ # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should
+ # be automatically created (and deleted) as needed when DomainMappings are
+ # reconciled.
+ #
+ # If this is "false" (the default), the cluster administrator is
+ # responsible for creating ClusterDomainClaims and delegating them to
+ # namespaces via their spec.Namespace field. This setting should be used in
+ # multitenant environments which need to control which namespace can use a
+ # particular domain name in a domain mapping.
+ #
+ # If this is "true", users are able to associate arbitrary names with their
+ # services via the DomainMapping feature.
+ autocreate-cluster-domain-claims: "false"
+
+ # If true, networking plugins can add additional information to deployed
+ # applications to make their pods directly accessible via their IPs even if mesh is
+ # enabled and thus direct-addressability is usually not possible.
+ # Consumers like Knative Serving can use this setting to adjust their behavior
+ # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems.
+ #
+ # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
+ # for now. Use with caution.
+ enable-mesh-pod-addressability: "false"
+
+ # mesh-compatibility-mode indicates whether consumers of network plugins
+ # should directly contact Pod IPs (most efficient), or should use the
+ # Cluster IP (less efficient, needed when mesh is enabled unless
+ # `enable-mesh-pod-addressability`, above, is set).
+ # Permitted values are:
+ # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed.
+ # - "enabled": always use Cluster IP and do not attempt to use Pod IPs.
+ # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure.
+ mesh-compatibility-mode: "auto"
+
+ # Defines the scheme used for external URLs if auto-tls is not enabled.
+ # This can be used for making Knative report all URLs as "HTTPS" for example, if you're
+ # fronting Knative with an external loadbalancer that deals with TLS termination and
+ # Knative doesn't know about that otherwise.
+ default-external-scheme: "http"
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-observability
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: observability
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "6bc8b73d"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # logging.enable-var-log-collection defaults to false.
+ # The fluentd daemon set will be set up to collect /var/log if
+ # this flag is true.
+ logging.enable-var-log-collection: "false"
+
+ # logging.revision-url-template provides a template to use for producing the
+ # logging URL that is injected into the status of each Revision.
+ logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}"
+
+ # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe
+ # requests.
+ # NB: after 0.18 release logging.enable-request-log must be explicitly set to true
+ # in order for request logging to be enabled.
+ #
+ # The value determines the shape of the request logs and it must be a valid go text/template.
+ # It is important to keep this as a single line. Multiple lines are parsed as separate entities
+ # by most collection agents and will split the request logs into multiple records.
+ #
+ # The following fields and functions are available to the template:
+ #
+ # Request: An http.Request (see https://golang.org/pkg/net/http/#Request)
+ # representing an HTTP request received by the server.
+ #
+ # Response:
+ # struct {
+ # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
+ # Size int // An int representing the size of the response.
+ # Latency float64 // A float64 representing the latency of the response in seconds.
+ # }
+ #
+ # Revision:
+ # struct {
+ # Name string // Knative revision name
+ # Namespace string // Knative revision namespace
+ # Service string // Knative service name
+ # Configuration string // Knative configuration name
+ # PodName string // Name of the pod hosting the revision
+ # PodIP string // IP of the pod hosting the revision
+ # }
+ #
+ logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}'
+
+ # If true, the request logging will be enabled.
+ logging.enable-request-log: "false"
+
+ # If true, this enables queue proxy writing request logs for probe requests to stdout.
+ # It uses the same template for user requests, i.e. logging.request-log-template.
+ logging.enable-probe-request-log: "false"
+
+ # metrics-protocol field specifies the protocol used when exporting metrics
+ # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC)
+ metrics-protocol: http/protobuf
+
+ # metrics-endpoint field specifies the destination metrics should be exporter to.
+ #
+ # The endpoint MUST be set when the protocol is http/protobuf or grpc.
+ # The endpoint MUST NOT be set when the protocol is none.
+ #
+ # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the
+ # listening host interface and port.
+ metrics-endpoint: http://example.com/v1/traces
+
+ # metrics-export-interval specifies the global metrics reporting period for control and data plane components.
+ # If a zero or negative value is passed the default reporting OTel period is used (60 secs).
+ metrics-export-interval: 60s
+
+ # request-metrics-protocol field specifies the protocol used when exporting queue-proxy metrics
+ # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC)
+ request-metrics-protocol: http/protobuf
+
+ # request-metrics-endpoint field specifies the destination metrics from the queue proxy should be exporter to.
+ #
+ # The endpoint MUST be set when the protocol is http/protobuf or grpc.
+ # The endpoint MUST NOT be set when the protocol is none.
+ #
+ # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the
+ # listening host interface and port.
+ request-metrics-endpoint: http://promstack-kube-prometheus-prometheus.observability:9090/api/v1/otlp/v1/metrics
+
+ # request-metrics-export-interval specifies the global metrics reporting period for the queue-proxy.
+ #
+ # If a zero or negative value is passed the default reporting OTel period is used (60 secs).
+ request-metrics-export-interval: 60s
+
+ # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from
+ # the pods via an HTTP server in the format expected by the pprof visualization tool. When
+ # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008.
+ # The HTTP context root for profiling is then /debug/pprof/.
+ runtime-profiling: enabled
+
+
+ # tracing-protocol field specifies the protocol used when exporting metrics
+ # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC)
+ # or `stdout` for debugging purposes
+ tracing-protocol: http/protobuf
+
+ # tracing-endpoint field specifies the destination traces should be exporter to.
+ #
+ # The endpoint MUST be set when the protocol is http/protobuf or grpc.
+ # The endpoint MUST NOT be set when the protocol is none.
+ tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces
+
+ # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported
+ # The value should be between 0 (never sample) to 1 (always sample)
+ tracing-sampling-rate: "1"
+
+---
+# Copyright 2019 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-tracing
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/component: tracing
+ app.kubernetes.io/version: "1.19.0"
+ annotations:
+ knative.dev/example-checksum: "04c7e9a3"
+data:
+ _example: |
+ ###########################################################
+ # #
+ # This config is deprecated - use config-observability #
+ # #
+ ###########################################################
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: activator
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ minReplicas: 1
+ maxReplicas: 20
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: activator
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ # Percentage of the requested CPU
+ averageUtilization: 100
+---
+# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time.
+# Given the subsetting and that the activators are partially stateful systems, we want
+# a slow rollout of the new versions and slow migration during node upgrades.
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: activator-pdb
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ minAvailable: 80%
+ selector:
+ matchLabels:
+ app: activator
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: activator
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ selector:
+ matchLabels:
+ app: activator
+ role: activator
+ template:
+ metadata:
+ labels:
+ app: activator
+ role: activator
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: activator
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: activator
+ containers:
+ - name: activator
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:3e81e0b0e2ead666c131a17b437b1759e59ec2b066db49c493e4663e42fa4452
+ # The numbers are based on performance test results from
+ # https://github.com/knative/serving/issues/1625#issuecomment-511930023
+ resources:
+ requests:
+ cpu: 300m
+ memory: 60Mi
+ limits:
+ cpu: 1000m
+ memory: 600Mi
+ env:
+ # Run Activator with GC collection when newly generated memory is 500%.
+ - name: GOGC
+ value: "500"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/internal/serving
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: http1
+ containerPort: 8012
+ - name: h2c
+ containerPort: 8013
+ readinessProbe:
+ httpGet:
+ port: 8012
+ periodSeconds: 5
+ failureThreshold: 5
+ livenessProbe:
+ httpGet:
+ port: 8012
+ periodSeconds: 10
+ failureThreshold: 12
+ initialDelaySeconds: 15
+ # The activator (often) sits on the dataplane, and may proxy long (e.g.
+ # streaming, websockets) requests. We give a long grace period for the
+ # activator to "lame duck" and drain outstanding requests before we
+ # forcibly terminate the pod (and outstanding connections). This value
+ # should be at least as large as the upper bound on the Revision's
+ # timeoutSeconds property to avoid servicing events disrupting
+ # connections.
+ terminationGracePeriodSeconds: 600
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: activator-service
+ namespace: knative-serving
+ labels:
+ app: activator
+ app.kubernetes.io/component: activator
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ selector:
+ app: activator
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: http
+ port: 80
+ targetPort: 8012
+ - name: http2
+ port: 81
+ targetPort: 8013
+ - name: https
+ port: 443
+ targetPort: 8112
+ type: ClusterIP
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: autoscaler
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: autoscaler
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: autoscaler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: autoscaler
+ app.kubernetes.io/component: autoscaler
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: autoscaler
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: controller
+ containers:
+ - name: autoscaler
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:998a790f7f74caec6e7fc9084d7b85f25b6c011e753b26076c7db766587b3e08
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 1000Mi
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/serving
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: websocket
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ port: 8080
+ livenessProbe:
+ httpGet:
+ port: 8080
+ failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: autoscaler
+ app.kubernetes.io/component: autoscaler
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ name: autoscaler
+ namespace: knative-serving
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: autoscaler
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ selector:
+ matchLabels:
+ app: controller
+ template:
+ metadata:
+ labels:
+ app: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: controller
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: controller
+ containers:
+ - name: controller
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:d9f40097903d1d9f4108723d2e41dfc21039ff380671ab80723fc861d81b8071
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 1000Mi
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/internal/serving
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: probes
+ scheme: HTTP
+ periodSeconds: 5
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: probes
+ scheme: HTTP
+ periodSeconds: 5
+ failureThreshold: 3
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: probes
+ containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+ name: controller
+ namespace: knative-serving
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ selector:
+ app: controller
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: webhook
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ minReplicas: 1
+ maxReplicas: 5
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: webhook
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ # Percentage of the requested CPU
+ averageUtilization: 100
+---
+# Webhook PDB.
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: webhook-pdb
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+spec:
+ minAvailable: 80%
+ selector:
+ matchLabels:
+ app: webhook
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: webhook
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+spec:
+ selector:
+ matchLabels:
+ app: webhook
+ role: webhook
+ template:
+ metadata:
+ labels:
+ app: webhook
+ role: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: webhook
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: controller
+ containers:
+ - name: webhook
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:deb7f4ff25b854c6a1f58c2435fe0799731eba974d50dd012b534b6daf8eebf3
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: WEBHOOK_NAME
+ value: webhook
+ - name: WEBHOOK_PORT
+ value: "8443"
+ # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
+ - name: METRICS_DOMAIN
+ value: knative.dev/internal/serving
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: https-webhook
+ containerPort: 8443
+ readinessProbe:
+ periodSeconds: 1
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ livenessProbe:
+ periodSeconds: 10
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ failureThreshold: 6
+ initialDelaySeconds: 20
+ # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
+ # high value that we respect whatever value it has configured for the lame duck grace period.
+ terminationGracePeriodSeconds: 300
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: webhook
+ role: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/version: "1.19.0"
+ app.kubernetes.io/name: knative-serving
+ name: webhook
+ namespace: knative-serving
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ app: webhook
+ role: webhook
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: config.webhook.serving.knative.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+webhooks:
+ - admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ name: config.webhook.serving.knative.dev
+ objectSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values: ["knative-serving"]
+ - key: app.kubernetes.io/component
+ operator: In
+ values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing", "net-certmanager"]
+ timeoutSeconds: 10
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: webhook.serving.knative.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+webhooks:
+ - admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ name: webhook.serving.knative.dev
+ timeoutSeconds: 10
+ rules:
+ - apiGroups:
+ - autoscaling.internal.knative.dev
+ - networking.internal.knative.dev
+ - serving.knative.dev
+ apiVersions:
+ - "*"
+ operations:
+ - CREATE
+ - UPDATE
+ scope: "*"
+ resources:
+ - metrics
+ - podautoscalers
+ - certificates
+ - ingresses
+ - serverlessservices
+ - configurations
+ - revisions
+ - routes
+ - services
+ - domainmappings
+ - domainmappings/status
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.serving.knative.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+webhooks:
+ - admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ name: validation.webhook.serving.knative.dev
+ timeoutSeconds: 10
+ rules:
+ - apiGroups:
+ - autoscaling.internal.knative.dev
+ - networking.internal.knative.dev
+ - serving.knative.dev
+ apiVersions:
+ - "*"
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ scope: "*"
+ resources:
+ - metrics
+ - podautoscalers
+ - certificates
+ - ingresses
+ - serverlessservices
+ - configurations
+ - revisions
+ - routes
+ - services
+ - domainmappings
+ - domainmappings/status
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-certs
+ namespace: knative-serving
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/name: knative-serving
+ app.kubernetes.io/version: "1.19.0"
+# The data is populated at install time.
+
+---
diff --git a/integration/fixtures/knative/04-serving-tests-namespace.yaml b/integration/fixtures/knative/04-serving-tests-namespace.yaml
new file mode 100644
index 000000000..0a6d3c67d
--- /dev/null
+++ b/integration/fixtures/knative/04-serving-tests-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: serving-tests
diff --git a/integration/fixtures/knative/tools.go b/integration/fixtures/knative/tools.go
new file mode 100644
index 000000000..02790a0e8
--- /dev/null
+++ b/integration/fixtures/knative/tools.go
@@ -0,0 +1,14 @@
+//go:build tools
+
+package tools
+
+// The following dependencies are required by the Knative conformance tests.
+// They allow to download the test_images when calling "go mod vendor".
+import (
+ _ "knative.dev/networking/test/test_images/grpc-ping"
+ _ "knative.dev/networking/test/test_images/httpproxy"
+ _ "knative.dev/networking/test/test_images/retry"
+ _ "knative.dev/networking/test/test_images/runtime"
+ _ "knative.dev/networking/test/test_images/timeout"
+ _ "knative.dev/networking/test/test_images/wsserver"
+)
diff --git a/integration/fixtures/knative/upload-test-images.sh b/integration/fixtures/knative/upload-test-images.sh
new file mode 100755
index 000000000..cbbacb9b8
--- /dev/null
+++ b/integration/fixtures/knative/upload-test-images.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+
+function upload_test_images() {
+ echo ">> Publishing test images"
+ (
+ # Script needs to be executed from repo root
+ cd "$( dirname "$0")/../../../"
+ echo "Current working directory: $(pwd)"
+ local image_dir="vendor/knative.dev/networking/test/test_images"
+ local docker_tag=$1
+ local tag_option=""
+ if [ -n "${docker_tag}" ]; then
+ tag_option="--tags $docker_tag,latest"
+ fi
+
+ # ko resolve is being used for the side-effect of publishing images,
+ # so the resulting yaml produced is ignored.
+ # shellcheck disable=SC2086
+ ko resolve --jobs=4 ${tag_option} -RBf "${image_dir}" > /dev/null
+ )
+}
+
+: "${KO_DOCKER_REPO:?"You must set 'KO_DOCKER_REPO', see DEVELOPMENT.md"}"
+
+upload_test_images "$@"
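Review bot: In `upload_test_images`, `tag_option` is built as one string and expanded unquoted (hence the `SC2086` suppression), so a tag argument containing whitespace or glob characters is split into extra `ko resolve` arguments. A bash array keeps the tag as a single argument and makes the suppression unnecessary: `local tag_option=()`, `tag_option=(--tags "${docker_tag},latest")`, then `ko resolve --jobs=4 "${tag_option[@]}" -RBf "${image_dir}" > /dev/null`. If the file is deliberately kept identical to the upstream Knative script, a comment saying so would explain why it is left as is.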
diff --git a/integration/integration_test.go b/integration/integration_test.go
index bb0fc2bfd..e1b967c1a 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -42,7 +42,13 @@ var (
k8sConformanceTraefikVersion = flag.String("k8sConformanceTraefikVersion", "dev", "specify the Traefik version for the K8s Gateway API conformance report")
)
-const tailscaleSecretFilePath = "tailscale.secret"
+const (
+ k3sImage = "docker.io/rancher/k3s:v1.32.9-k3s1"
+ traefikImage = "traefik/traefik:latest"
+ traefikDeployment = "deployments/traefik"
+ traefikNamespace = "traefik"
+ tailscaleSecretFilePath = "tailscale.secret"
+)
type composeConfig struct {
Services map[string]composeService `yaml:"services"`
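Review bot: `k3sImage` is pinned to `docker.io/rancher/k3s:v1.32.9-k3s1` by tag only, and this commit makes that one constant the cluster image for both the Gateway API and the Knative conformance suites. A registry tag can be re-pushed, so two runs are not guaranteed to use the same image content. Assuming the testcontainers k3s module accepts a digest-qualified reference, `k3sImage = "docker.io/rancher/k3s:v1.32.9-k3s1@sha256:<digest of the reviewed image>"` (placeholder, to be taken from the registry) keeps the readable version and fixes the content. `traefikImage` using `:latest` looks intentional, since the Knative suite in this commit fails unless that image already exists locally.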
diff --git a/integration/k8s_conformance_test.go b/integration/k8s_conformance_test.go
index 1e03f223b..22aae5b15 100644
--- a/integration/k8s_conformance_test.go
+++ b/integration/k8s_conformance_test.go
@@ -37,13 +37,6 @@ import (
"sigs.k8s.io/yaml"
)
-const (
- k3sImage = "docker.io/rancher/k3s:v1.29.3-k3s1"
- traefikImage = "traefik/traefik:latest"
- traefikDeployment = "deployments/traefik"
- traefikNamespace = "traefik"
-)
-
// K8sConformanceSuite tests suite.
type K8sConformanceSuite struct {
BaseSuite
diff --git a/integration/knative_conformance_test.go b/integration/knative_conformance_test.go
new file mode 100644
index 000000000..89ffa323a
--- /dev/null
+++ b/integration/knative_conformance_test.go
@@ -0,0 +1,178 @@
+// Use a build tag to include and run Knative conformance tests.
+// The Knative conformance toolkit redefines the skip-tests flag,
+// which conflicts with the testing library and causes a panic.
+//go:build knativeConformance
+
+package integration
+
+import (
+ "flag"
+ "io"
+ "os"
+ "slices"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/require"
+ "github.com/stretchr/testify/suite"
+ "github.com/testcontainers/testcontainers-go"
+ "github.com/testcontainers/testcontainers-go/modules/k3s"
+ "github.com/testcontainers/testcontainers-go/network"
+ "github.com/traefik/traefik/v3/integration/try"
+ "knative.dev/networking/test/conformance/ingress"
+ klog "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/log/zap"
+)
+
+const knativeNamespace = "knative-serving"
+
+var imageNames = []string{
+ traefikImage,
+ "ko.local/grpc-ping:latest",
+ "ko.local/httpproxy:latest",
+ "ko.local/retry:latest",
+ "ko.local/runtime:latest",
+ "ko.local/wsserver:latest",
+ "ko.local/timeout:latest",
+}
+
+type KnativeConformanceSuite struct {
+ BaseSuite
+
+ k3sContainer *k3s.K3sContainer
+}
+
+func TestKnativeConformanceSuite(t *testing.T) {
+ suite.Run(t, new(KnativeConformanceSuite))
+}
+
+func (s *KnativeConformanceSuite) SetupSuite() {
+ s.BaseSuite.SetupSuite()
+
+ // Avoid panic.
+ klog.SetLogger(zap.New())
+
+ provider, err := testcontainers.ProviderDocker.GetProvider()
+ if err != nil {
+ s.T().Fatal(err)
+ }
+
+ ctx := s.T().Context()
+
+ // Ensure image is available locally.
+ images, err := provider.ListImages(ctx)
+ if err != nil {
+ s.T().Fatal(err)
+ }
+
+ if !slices.ContainsFunc(images, func(img testcontainers.ImageInfo) bool {
+ return img.Name == traefikImage
+ }) {
+ s.T().Fatal("Traefik image is not present")
+ }
+
+ s.k3sContainer, err = k3s.Run(ctx,
+ k3sImage,
+ k3s.WithManifest("./fixtures/knative/00-knative-crd-v1.19.0.yml"),
+ k3s.WithManifest("./fixtures/knative/01-rbac.yml"),
+ k3s.WithManifest("./fixtures/knative/02-traefik.yml"),
+ k3s.WithManifest("./fixtures/knative/03-knative-serving-v1.19.0.yaml"),
+ k3s.WithManifest("./fixtures/knative/04-serving-tests-namespace.yaml"),
+ network.WithNetwork(nil, s.network),
+ )
+ if err != nil {
+ s.T().Fatal(err)
+ }
+
+ for _, imageName := range imageNames {
+ if err = s.k3sContainer.LoadImages(ctx, imageName); err != nil {
+ s.T().Fatal(err)
+ }
+ }
+
+ exitCode, _, err := s.k3sContainer.Exec(ctx, []string{"kubectl", "wait", "-n", traefikNamespace, traefikDeployment, "--for=condition=Available", "--timeout=10s"})
+ if err != nil || exitCode > 0 {
+ s.T().Fatalf("Traefik pod is not ready: %v", err)
+ }
+
+ exitCode, _, err = s.k3sContainer.Exec(ctx, []string{"kubectl", "wait", "-n", knativeNamespace, "deployment/activator", "--for=condition=Available", "--timeout=10s"})
+ if err != nil || exitCode > 0 {
+ s.T().Fatalf("Activator pod is not ready: %v", err)
+ }
+
+ exitCode, _, err = s.k3sContainer.Exec(ctx, []string{"kubectl", "wait", "-n", knativeNamespace, "deployment/controller", "--for=condition=Available", "--timeout=10s"})
+ if err != nil || exitCode > 0 {
+ s.T().Fatalf("Controller pod is not ready: %v", err)
+ }
+
+ exitCode, _, err = s.k3sContainer.Exec(ctx, []string{"kubectl", "wait", "-n", knativeNamespace, "deployment/autoscaler", "--for=condition=Available", "--timeout=10s"})
+ if err != nil || exitCode > 0 {
+ s.T().Fatalf("Autoscaler pod is not ready: %v", err)
+ }
+
+ exitCode, _, err = s.k3sContainer.Exec(ctx, []string{"kubectl", "wait", "-n", knativeNamespace, "deployment/webhook", "--for=condition=Available", "--timeout=10s"})
+ if err != nil || exitCode > 0 {
+ s.T().Fatalf("Webhook pod is not ready: %v", err)
+ }
+}
+
+func (s *KnativeConformanceSuite) TearDownSuite() {
+ ctx := s.T().Context()
+
+ if s.T().Failed() || *showLog {
+ k3sLogs, err := s.k3sContainer.Logs(ctx)
+ if err == nil {
+ if res, err := io.ReadAll(k3sLogs); err == nil {
+ s.T().Log(string(res))
+ }
+ }
+
+ exitCode, result, err := s.k3sContainer.Exec(ctx, []string{"kubectl", "logs", "-n", traefikNamespace, traefikDeployment})
+ if err == nil || exitCode == 0 {
+ if res, err := io.ReadAll(result); err == nil {
+ s.T().Log(string(res))
+ }
+ }
+ }
+
+ if err := s.k3sContainer.Terminate(ctx); err != nil {
+ s.T().Fatal(err)
+ }
+
+ s.BaseSuite.TearDownSuite()
+}
+
+func (s *KnativeConformanceSuite) TestKnativeConformance() {
+ // Wait for traefik to start
+ k3sContainerIP, err := s.k3sContainer.ContainerIP(s.T().Context())
+ require.NoError(s.T(), err)
+
+ err = try.GetRequest("http://"+k3sContainerIP+":9000/api/entrypoints", 10*time.Second, try.BodyContains(`"name":"pweb"`))
+ require.NoError(s.T(), err)
+
+ kubeconfig, err := s.k3sContainer.GetKubeConfig(s.T().Context())
+ if err != nil {
+ s.T().Fatal(err)
+ }
+
+ // Write the kubeconfig.yaml in a temp file.
+ kubeconfigFile := s.T().TempDir() + "/kubeconfig.yaml"
+
+ if err = os.WriteFile(kubeconfigFile, kubeconfig, 0o644); err != nil {
+ s.T().Fatal(err)
+ }
+
+ if err = flag.CommandLine.Set("kubeconfig", kubeconfigFile); err != nil {
+ s.T().Fatal(err)
+ }
+
+ if err = flag.CommandLine.Set("ingressClass", "traefik.ingress.networking.knative.dev"); err != nil {
+ s.T().Fatal(err)
+ }
+
+ if err = flag.CommandLine.Set("skip-tests", "headers/probe"); err != nil {
+ s.T().Fatal(err)
+ }
+
+ ingress.RunConformance(s.T())
+}
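Review bot: In `TearDownSuite` the Traefik log dump is guarded by `if err == nil || exitCode == 0`, which holds whenever either value is zero, so an `Exec` that returns an error together with a zero exit code still reaches `io.ReadAll(result)` with a reader that may be nil; the guard should be `if err == nil && exitCode == 0`. In `SetupSuite`, when `kubectl wait` exits non-zero with a nil `err`, the `Fatalf` messages print `<nil>`, so adding `exitCode` to the format would make a readiness timeout diagnosable. Separately, `TestKnativeConformance` writes the cluster kubeconfig with mode `0o644`; it carries credentials for the k3s cluster, so `os.WriteFile(kubeconfigFile, kubeconfig, 0o600)` is the safer default even inside `t.TempDir()`.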
diff --git a/pkg/config/dynamic/http_config.go b/pkg/config/dynamic/http_config.go
index 1cb0c67c7..5d07f96aa 100644
--- a/pkg/config/dynamic/http_config.go
+++ b/pkg/config/dynamic/http_config.go
@@ -177,6 +177,10 @@ type WRRService struct {
Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
Weight *int `json:"weight,omitempty" toml:"weight,omitempty" yaml:"weight,omitempty" export:"true"`
+ // Headers defines the HTTP headers that should be added to the request when calling the service.
+ // This is required by the Knative implementation which expects specific headers to be sent.
+ Headers map[string]string `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
+
// Status defines an HTTP status code that should be returned when calling the service.
// This is required by the Gateway API implementation which expects specific HTTP status to be returned.
Status *int `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
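Review bot: The doc comment on the new `WRRService.Headers` field says the headers are "added to the request" but not what happens when the incoming request already carries a header of the same name. The Knative fixtures in this commit use `appendHeaders` with `Knative-Serving-Namespace` and `Knative-Serving-Revision`, which presumably travel through this field; if a client-supplied value could survive, the backend would see caller-controlled routing metadata. The consuming code is not in this hunk, so this is a question rather than a finding. I would state the contract in the comment, for example `// Headers are set on the outgoing request and replace any client-supplied header of the same name.`, and cover it with a test. The `WRRService` struct starts and ends outside the hunk.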
diff --git a/pkg/config/dynamic/zz_generated.deepcopy.go b/pkg/config/dynamic/zz_generated.deepcopy.go
index c7df112e5..0d4dbca75 100644
--- a/pkg/config/dynamic/zz_generated.deepcopy.go
+++ b/pkg/config/dynamic/zz_generated.deepcopy.go
@@ -2491,6 +2491,13 @@ func (in *WRRService) DeepCopyInto(out *WRRService) {
*out = new(int)
**out = **in
}
+ if in.Headers != nil {
+ in, out := &in.Headers, &out.Headers
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
if in.Status != nil {
in, out := &in.Status, &out.Status
*out = new(int)
diff --git a/pkg/config/static/experimental.go b/pkg/config/static/experimental.go
index dba89fec8..e0db0589c 100644
--- a/pkg/config/static/experimental.go
+++ b/pkg/config/static/experimental.go
@@ -9,6 +9,7 @@ type Experimental struct {
AbortOnPluginFailure bool `description:"Defines whether all plugins must be loaded successfully for Traefik to start." json:"abortOnPluginFailure,omitempty" toml:"abortOnPluginFailure,omitempty" yaml:"abortOnPluginFailure,omitempty" export:"true"`
FastProxy *FastProxyConfig `description:"Enables the FastProxy implementation." json:"fastProxy,omitempty" toml:"fastProxy,omitempty" yaml:"fastProxy,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
OTLPLogs bool `description:"Enables the OpenTelemetry logs integration." json:"otlplogs,omitempty" toml:"otlplogs,omitempty" yaml:"otlplogs,omitempty" export:"true"`
+ Knative bool `description:"Allow the Knative provider usage." json:"knative,omitempty" toml:"knative,omitempty" yaml:"knative,omitempty" export:"true"`
KubernetesIngressNGINX bool `description:"Allow the Kubernetes Ingress NGINX provider usage." json:"kubernetesIngressNGINX,omitempty" toml:"kubernetesIngressNGINX,omitempty" yaml:"kubernetesIngressNGINX,omitempty" export:"true"`
// Deprecated: KubernetesGateway provider is not an experimental feature starting with v3.1. Please remove its usage from the static configuration.
diff --git a/pkg/config/static/static_config.go b/pkg/config/static/static_config.go
index fb15a0b18..bdbefdbe9 100644
--- a/pkg/config/static/static_config.go
+++ b/pkg/config/static/static_config.go
@@ -24,6 +24,7 @@ import (
"github.com/traefik/traefik/v3/pkg/provider/kubernetes/gateway"
"github.com/traefik/traefik/v3/pkg/provider/kubernetes/ingress"
ingressnginx "github.com/traefik/traefik/v3/pkg/provider/kubernetes/ingress-nginx"
+ "github.com/traefik/traefik/v3/pkg/provider/kubernetes/knative"
"github.com/traefik/traefik/v3/pkg/provider/kv/consul"
"github.com/traefik/traefik/v3/pkg/provider/kv/etcd"
"github.com/traefik/traefik/v3/pkg/provider/kv/redis"
@@ -239,6 +240,7 @@ type Providers struct {
KubernetesIngressNGINX *ingressnginx.Provider `description:"Enables Kubernetes Ingress NGINX provider." json:"kubernetesIngressNGINX,omitempty" toml:"kubernetesIngressNGINX,omitempty" yaml:"kubernetesIngressNGINX,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
KubernetesCRD *crd.Provider `description:"Enables Kubernetes CRD provider." json:"kubernetesCRD,omitempty" toml:"kubernetesCRD,omitempty" yaml:"kubernetesCRD,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
KubernetesGateway *gateway.Provider `description:"Enables Kubernetes Gateway API provider." json:"kubernetesGateway,omitempty" toml:"kubernetesGateway,omitempty" yaml:"kubernetesGateway,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
+ Knative *knative.Provider `description:"Enables Knative provider." json:"knative,omitempty" toml:"knative,omitempty" yaml:"knative,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Rest *rest.Provider `description:"Enables Rest provider." json:"rest,omitempty" toml:"rest,omitempty" yaml:"rest,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
ConsulCatalog *consulcatalog.ProviderBuilder `description:"Enables Consul Catalog provider." json:"consulCatalog,omitempty" toml:"consulCatalog,omitempty" yaml:"consulCatalog,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Nomad *nomad.ProviderBuilder `description:"Enables Nomad provider." json:"nomad,omitempty" toml:"nomad,omitempty" yaml:"nomad,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
@@ -431,6 +433,12 @@ func (c *Configuration) ValidateConfiguration() error {
}
}
+ if c.Providers != nil && c.Providers.Knative != nil {
+ if c.Experimental == nil || !c.Experimental.Knative {
+ return errors.New("the experimental Knative feature must be enabled to use the Knative provider")
+ }
+ }
+
if c.AccessLog != nil && c.AccessLog.OTLP != nil {
if c.Experimental == nil || !c.Experimental.OTLPLogs {
return errors.New("the experimental OTLPLogs feature must be enabled to use OTLP access logging")
diff --git a/pkg/provider/aggregator/aggregator.go b/pkg/provider/aggregator/aggregator.go
index 3e45c2119..95bb0b220 100644
--- a/pkg/provider/aggregator/aggregator.go
+++ b/pkg/provider/aggregator/aggregator.go
@@ -101,6 +101,10 @@ func NewProviderAggregator(conf static.Providers) *ProviderAggregator {
p.quietAddProvider(conf.KubernetesCRD)
}
+ if conf.Knative != nil {
+ p.quietAddProvider(conf.Knative)
+ }
+
if conf.KubernetesGateway != nil {
p.quietAddProvider(conf.KubernetesGateway)
}
diff --git a/pkg/provider/kubernetes/knative/client.go b/pkg/provider/kubernetes/knative/client.go
new file mode 100644
index 000000000..bfb87c332
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/client.go
@@ -0,0 +1,232 @@
+package knative
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "os"
+ "time"
+
+ "github.com/rs/zerolog/log"
+ "github.com/traefik/traefik/v3/pkg/provider/kubernetes/k8s"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/labels"
+ kinformers "k8s.io/client-go/informers"
+ kclientset "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
+ "k8s.io/client-go/tools/clientcmd"
+ knativenetworkingv1alpha1 "knative.dev/networking/pkg/apis/networking/v1alpha1"
+ knativenetworkingclientset "knative.dev/networking/pkg/client/clientset/versioned"
+ knativenetworkinginformers "knative.dev/networking/pkg/client/informers/externalversions"
+)
+
+const resyncPeriod = 10 * time.Minute
+
+type clientWrapper struct {
+ csKnativeNetworking knativenetworkingclientset.Interface
+ csKube kclientset.Interface
+
+ factoriesKnativeNetworking map[string]knativenetworkinginformers.SharedInformerFactory
+ factoriesKube map[string]kinformers.SharedInformerFactory
+
+ labelSelector string
+
+ isNamespaceAll bool
+ watchedNamespaces []string
+}
+
+func createClientFromConfig(c *rest.Config) (*clientWrapper, error) {
+ csKnativeNetworking, err := knativenetworkingclientset.NewForConfig(c)
+ if err != nil {
+ return nil, err
+ }
+
+ csKube, err := kclientset.NewForConfig(c)
+ if err != nil {
+ return nil, err
+ }
+
+ return newClientImpl(csKnativeNetworking, csKube), nil
+}
+
+func newClientImpl(csKnativeNetworking knativenetworkingclientset.Interface, csKube kclientset.Interface) *clientWrapper {
+ return &clientWrapper{
+ csKnativeNetworking: csKnativeNetworking,
+ csKube: csKube,
+ factoriesKnativeNetworking: make(map[string]knativenetworkinginformers.SharedInformerFactory),
+ factoriesKube: make(map[string]kinformers.SharedInformerFactory),
+ }
+}
+
+// newInClusterClient returns a new Provider client that is expected to run
+// inside the cluster.
+func newInClusterClient(endpoint string) (*clientWrapper, error) {
+ config, err := rest.InClusterConfig()
+ if err != nil {
+ return nil, fmt.Errorf("creating in-cluster configuration: %w", err)
+ }
+
+ if endpoint != "" {
+ config.Host = endpoint
+ }
+
+ return createClientFromConfig(config)
+}
+
+func newExternalClusterClientFromFile(file string) (*clientWrapper, error) {
+ configFromFlags, err := clientcmd.BuildConfigFromFlags("", file)
+ if err != nil {
+ return nil, err
+ }
+ return createClientFromConfig(configFromFlags)
+}
+
+// newExternalClusterClient returns a new Provider client that may run outside
+// of the cluster.
+// The endpoint parameter must not be empty.
+func newExternalClusterClient(endpoint, token, caFilePath string) (*clientWrapper, error) {
+ if endpoint == "" {
+ return nil, errors.New("endpoint missing for external cluster client")
+ }
+
+ config := &rest.Config{
+ Host: endpoint,
+ BearerToken: token,
+ }
+
+ if caFilePath != "" {
+ caData, err := os.ReadFile(caFilePath)
+ if err != nil {
+ return nil, fmt.Errorf("reading CA file %s: %w", caFilePath, err)
+ }
+
+ config.TLSClientConfig = rest.TLSClientConfig{CAData: caData}
+ }
+
+ return createClientFromConfig(config)
+}
+
+// WatchAll starts namespace-specific controllers for all relevant kinds.
+func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<-chan interface{}, error) {
+ eventCh := make(chan interface{}, 1)
+ eventHandler := &k8s.ResourceEventHandler{Ev: eventCh}
+
+ if len(namespaces) == 0 {
+ namespaces = []string{metav1.NamespaceAll}
+ c.isNamespaceAll = true
+ }
+ c.watchedNamespaces = namespaces
+
+ for _, ns := range namespaces {
+ factory := knativenetworkinginformers.NewSharedInformerFactoryWithOptions(c.csKnativeNetworking, resyncPeriod, knativenetworkinginformers.WithNamespace(ns), knativenetworkinginformers.WithTweakListOptions(func(opts *metav1.ListOptions) {
+ opts.LabelSelector = c.labelSelector
+ }))
+ _, err := factory.Networking().V1alpha1().Ingresses().Informer().AddEventHandler(eventHandler)
+ if err != nil {
+ return nil, err
+ }
+
+ factoryKube := kinformers.NewSharedInformerFactoryWithOptions(c.csKube, resyncPeriod, kinformers.WithNamespace(ns))
+ _, err = factoryKube.Core().V1().Services().Informer().AddEventHandler(eventHandler)
+ if err != nil {
+ return nil, err
+ }
+ _, err = factoryKube.Core().V1().Secrets().Informer().AddEventHandler(eventHandler)
+ if err != nil {
+ return nil, err
+ }
+
+ c.factoriesKube[ns] = factoryKube
+ c.factoriesKnativeNetworking[ns] = factory
+ }
+
+ for _, ns := range namespaces {
+ c.factoriesKnativeNetworking[ns].Start(stopCh)
+ c.factoriesKube[ns].Start(stopCh)
+ }
+
+ for _, ns := range namespaces {
+ for t, ok := range c.factoriesKnativeNetworking[ns].WaitForCacheSync(stopCh) {
+ if !ok {
+ return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %q", t.String(), ns)
+ }
+ }
+ for t, ok := range c.factoriesKube[ns].WaitForCacheSync(stopCh) {
+ if !ok {
+ return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %q", t.String(), ns)
+ }
+ }
+ }
+
+ return eventCh, nil
+}
+
+func (c *clientWrapper) ListIngresses() []*knativenetworkingv1alpha1.Ingress {
+ var result []*knativenetworkingv1alpha1.Ingress
+
+ for ns, factory := range c.factoriesKnativeNetworking {
+ ings, err := factory.Networking().V1alpha1().Ingresses().Lister().List(labels.Everything()) // todo: label selector
+ if err != nil {
+ log.Error().Msgf("Failed to list ingresses in namespace %s: %s", ns, err)
+ }
+ result = append(result, ings...)
+ }
+
+ return result
+}
+
+func (c *clientWrapper) UpdateIngressStatus(ingress *knativenetworkingv1alpha1.Ingress) error {
+ _, err := c.csKnativeNetworking.NetworkingV1alpha1().Ingresses(ingress.Namespace).UpdateStatus(context.TODO(), ingress, metav1.UpdateOptions{})
+ if err != nil {
+ return fmt.Errorf("updating knative ingress status %s/%s: %w", ingress.Namespace, ingress.Name, err)
+ }
+
+ log.Info().Msgf("Updated status on knative ingress %s/%s", ingress.Namespace, ingress.Name)
+ return nil
+}
+
+// GetService returns the named service from the given namespace.
+func (c *clientWrapper) GetService(namespace, name string) (*corev1.Service, error) {
+ if !c.isWatchedNamespace(namespace) {
+ return nil, fmt.Errorf("getting service %s/%s: namespace is not within watched namespaces", namespace, name)
+ }
+
+ return c.factoriesKube[c.lookupNamespace(namespace)].Core().V1().Services().Lister().Services(namespace).Get(name)
+}
+
+// GetSecret returns the named secret from the given namespace.
+func (c *clientWrapper) GetSecret(namespace, name string) (*corev1.Secret, error) {
+ if !c.isWatchedNamespace(namespace) {
+ return nil, fmt.Errorf("getting secret %s/%s: namespace is not within watched namespaces", namespace, name)
+ }
+
+ return c.factoriesKube[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
+}
+
+// isWatchedNamespace checks to ensure that the namespace is being watched before we request
+// it to ensure we don't panic by requesting an out-of-watch object.
+func (c *clientWrapper) isWatchedNamespace(ns string) bool {
+ if c.isNamespaceAll {
+ return true
+ }
+ for _, watchedNamespace := range c.watchedNamespaces {
+ if watchedNamespace == ns {
+ return true
+ }
+ }
+ return false
+}
+
+// lookupNamespace returns the lookup namespace key for the given namespace.
+// When listening on all namespaces, it returns the client-go identifier ("")
+// for all-namespaces. Otherwise, it returns the given namespace.
+// The distinction is necessary because we index all informers on the special
+// identifier iff all-namespaces are requested but receive specific namespace
+// identifiers from the Kubernetes API, so we have to bridge this gap.
+func (c *clientWrapper) lookupNamespace(ns string) string {
+ if c.isNamespaceAll {
+ return metav1.NamespaceAll
+ }
+ return ns
+}
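Review bot: In `WatchAll`, `factoryKube` registers a Secrets informer with only `kinformers.WithNamespace(ns)`, so every Secret in each watched namespace (every namespace when `namespaces` is empty) is listed, watched and held in the provider's cache, and the service account needs matching `list`/`watch` rights. `c.labelSelector` is applied to the Knative informer only. If the provider only reads the TLS secrets referenced by an Ingress (the rest of the provider is outside this hunk), a dedicated secrets factory narrowed with `kinformers.WithTweakListOptions(func(opts *metav1.ListOptions) { opts.FieldSelector = "type=kubernetes.io/tls" })` would keep unrelated credentials out of memory. A smaller point in the same file: `UpdateIngressStatus` calls the API with `context.TODO()`, so the status write has no deadline or cancellation.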
diff --git a/pkg/provider/kubernetes/knative/fixtures/cluster_local.yaml b/pkg/provider/kubernetes/knative/fixtures/cluster_local.yaml
new file mode 100644
index 000000000..0d9c0fcea
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/fixtures/cluster_local.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Ingress
+metadata:
+ annotations:
+ networking.knative.dev/ingress.class: traefik.ingress.networking.knative.dev
+ name: helloworld-go
+ namespace: default
+spec:
+ httpOption: Enabled
+ rules:
+ - hosts:
+ - helloworld-go.default
+ - helloworld-go.default.svc
+ - helloworld-go.default.svc.cluster.local
+ http:
+ paths:
+ - splits:
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00001
+ percent: 50
+ serviceName: helloworld-go-00001
+ serviceNamespace: default
+ servicePort: 80
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00002
+ percent: 50
+ serviceName: helloworld-go-00002
+ serviceNamespace: default
+ servicePort: 80
+ visibility: ClusterLocal
diff --git a/pkg/provider/kubernetes/knative/fixtures/external_ip.yaml b/pkg/provider/kubernetes/knative/fixtures/external_ip.yaml
new file mode 100644
index 000000000..0ddd4fe06
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/fixtures/external_ip.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Ingress
+metadata:
+ annotations:
+ networking.knative.dev/ingress.class: traefik.ingress.networking.knative.dev
+ name: helloworld-go
+ namespace: default
+spec:
+ httpOption: Enabled
+ rules:
+ - hosts:
+ - helloworld-go.default
+ - helloworld-go.default.svc
+ - helloworld-go.default.svc.cluster.local
+ http:
+ paths:
+ - splits:
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00001
+ percent: 50
+ serviceName: helloworld-go-00001
+ serviceNamespace: default
+ servicePort: 80
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00002
+ percent: 50
+ serviceName: helloworld-go-00002
+ serviceNamespace: default
+ servicePort: 80
+ visibility: ExternalIP
diff --git a/pkg/provider/kubernetes/knative/fixtures/services.yaml b/pkg/provider/kubernetes/knative/fixtures/services.yaml
new file mode 100644
index 000000000..d2d69ce83
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/fixtures/services.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld-go-00001
+ namespace: default
+spec:
+ clusterIP: 10.43.38.208
+ clusterIPs:
+ - 10.43.38.208
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8012
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8112
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld-go-00002
+ namespace: default
+spec:
+ clusterIP: 10.43.44.18
+ clusterIPs:
+ - 10.43.44.18
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8012
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8112
diff --git a/pkg/provider/kubernetes/knative/fixtures/tls.yaml b/pkg/provider/kubernetes/knative/fixtures/tls.yaml
new file mode 100644
index 000000000..3d85ad696
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/fixtures/tls.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Ingress
+metadata:
+ annotations:
+ networking.knative.dev/ingress.class: traefik.ingress.networking.knative.dev
+ name: helloworld-go
+ namespace: default
+spec:
+ httpOption: Enabled
+ tls:
+ - hosts:
+ - helloworld-go.default.svc.cluster.local
+ secretName: secretName
+ secretNamespace: secretNamespace
+ rules:
+ - hosts:
+ - helloworld-go.default
+ - helloworld-go.default.svc
+ - helloworld-go.default.svc.cluster.local
+ http:
+ paths:
+ - splits:
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00001
+ percent: 50
+ serviceName: helloworld-go-00001
+ serviceNamespace: default
+ servicePort: 80
+ - appendHeaders:
+ Knative-Serving-Namespace: default
+ Knative-Serving-Revision: helloworld-go-00002
+ percent: 50
+ serviceName: helloworld-go-00002
+ serviceNamespace: default
+ servicePort: 80
+ visibility: ExternalIP
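Review bot: The `tls` entry sets `secretNamespace: secretNamespace` while the Ingress is in `default`, so this fixture can only reach the namespace-mismatch branch of `loadCertificates` in kubernetes.go, which logs and continues without reading any secret. The "TLS" case in kubernetes_test.go accordingly expects a `-tls` router and no TLS certificates, which leaves certificate loading without fixture coverage. If the mismatch is intended, a comment such as `# secretNamespace differs from the Ingress namespace on purpose: the certificate is skipped` would say so. A second fixture with `secretNamespace: default` and a matching Secret holding constructed test key material would cover the loading path.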
diff --git a/pkg/provider/kubernetes/knative/fixtures/wrong_ingress_class.yaml b/pkg/provider/kubernetes/knative/fixtures/wrong_ingress_class.yaml
new file mode 100644
index 000000000..aaaff85a0
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/fixtures/wrong_ingress_class.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Ingress
+metadata:
+ annotations:
+ networking.knative.dev/ingress.class: foo.ingress.networking.knative.dev
+ name: helloworld-go
+ namespace: default
diff --git a/pkg/provider/kubernetes/knative/kubernetes.go b/pkg/provider/kubernetes/knative/kubernetes.go
new file mode 100644
index 000000000..ae9c636d3
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/kubernetes.go
@@ -0,0 +1,531 @@
+package knative
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "maps"
+ "net"
+ "os"
+ "slices"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/cenkalti/backoff/v4"
+ "github.com/mitchellh/hashstructure"
+ "github.com/rs/zerolog/log"
+ ptypes "github.com/traefik/paerser/types"
+ "github.com/traefik/traefik/v3/pkg/config/dynamic"
+ "github.com/traefik/traefik/v3/pkg/job"
+ "github.com/traefik/traefik/v3/pkg/observability/logs"
+ "github.com/traefik/traefik/v3/pkg/safe"
+ "github.com/traefik/traefik/v3/pkg/tls"
+ "github.com/traefik/traefik/v3/pkg/types"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apimachinery/pkg/util/intstr"
+ "k8s.io/utils/ptr"
+ knativenetworking "knative.dev/networking/pkg/apis/networking"
+ knativenetworkingv1alpha1 "knative.dev/networking/pkg/apis/networking/v1alpha1"
+ "knative.dev/pkg/network"
+)
+
+const (
+ providerName = "knative"
+ traefikIngressClassName = "traefik.ingress.networking.knative.dev"
+)
+
+// ServiceRef holds a Kubernetes service reference.
+type ServiceRef struct {
+ Name string `description:"Name of the Kubernetes service." json:"desc,omitempty" toml:"desc,omitempty" yaml:"desc,omitempty"`
+ Namespace string `description:"Namespace of the Kubernetes service." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
+}
+
+// Provider holds configurations of the provider.
+type Provider struct {
+ Endpoint string `description:"Kubernetes server endpoint (required for external cluster client)." json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty"`
+ Token string `description:"Kubernetes bearer token (not needed for in-cluster client)." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty"`
+ CertAuthFilePath string `description:"Kubernetes certificate authority file path (not needed for in-cluster client)." json:"certAuthFilePath,omitempty" toml:"certAuthFilePath,omitempty" yaml:"certAuthFilePath,omitempty"`
+ Namespaces []string `description:"Kubernetes namespaces." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty" export:"true"`
+ LabelSelector string `description:"Kubernetes label selector to use." json:"labelSelector,omitempty" toml:"labelSelector,omitempty" yaml:"labelSelector,omitempty" export:"true"`
+ PublicEntrypoints []string `description:"Entrypoint names used to expose the Ingress publicly. If empty an Ingress is exposed on all entrypoints." json:"publicEntrypoints,omitempty" toml:"publicEntrypoints,omitempty" yaml:"publicEntrypoints,omitempty" export:"true"`
+ PublicService ServiceRef `description:"Kubernetes service used to expose the networking controller publicly." json:"publicService,omitempty" toml:"publicService,omitempty" yaml:"publicService,omitempty" export:"true"`
+ PrivateEntrypoints []string `description:"Entrypoint names used to expose the Ingress privately. If empty local Ingresses are skipped." json:"privateEntrypoints,omitempty" toml:"privateEntrypoints,omitempty" yaml:"privateEntrypoints,omitempty" export:"true"`
+ PrivateService ServiceRef `description:"Kubernetes service used to expose the networking controller privately." json:"privateService,omitempty" toml:"privateService,omitempty" yaml:"privateService,omitempty" export:"true"`
+ ThrottleDuration ptypes.Duration `description:"Ingress refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty"`
+
+ client *clientWrapper
+ lastConfiguration safe.Safe
+}
+
+// Init the provider.
+func (p *Provider) Init() error {
+ logger := log.With().Str(logs.ProviderName, providerName).Logger()
+
+ // Initializes Kubernetes client.
+ var err error
+ p.client, err = p.newK8sClient(logger.WithContext(context.Background()))
+ if err != nil {
+ return fmt.Errorf("creating kubernetes client: %w", err)
+ }
+
+ return nil
+}
+
+// Provide allows the knative provider to provide configurations to traefik using the given configuration channel.
+func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.Pool) error {
+ logger := log.With().Str(logs.ProviderName, providerName).Logger()
+ ctxLog := logger.WithContext(context.Background())
+
+ pool.GoCtx(func(ctxPool context.Context) {
+ operation := func() error {
+ eventsChan, err := p.client.WatchAll(p.Namespaces, ctxPool.Done())
+ if err != nil {
+ logger.Error().Msgf("Error watching kubernetes events: %v", err)
+ timer := time.NewTimer(1 * time.Second)
+ select {
+ case <-timer.C:
+ return err
+ case <-ctxPool.Done():
+ return nil
+ }
+ }
+
+ throttleDuration := time.Duration(p.ThrottleDuration)
+ throttledChan := throttleEvents(ctxLog, throttleDuration, pool, eventsChan)
+ if throttledChan != nil {
+ eventsChan = throttledChan
+ }
+
+ for {
+ select {
+ case <-ctxPool.Done():
+ return nil
+ case event := <-eventsChan:
+ // Note that event is the *first* event that came in during this throttling interval -- if we're hitting our throttle, we may have dropped events.
+ // This is fine, because we don't treat different event types differently.
+ // But if we do in the future, we'll need to track more information about the dropped events.
+ conf, ingressStatuses := p.loadConfiguration(ctxLog)
+
+ confHash, err := hashstructure.Hash(conf, nil)
+ switch {
+ case err != nil:
+ logger.Error().Msg("Unable to hash the configuration")
+ case p.lastConfiguration.Get() == confHash:
+ logger.Debug().Msgf("Skipping Kubernetes event kind %T", event)
+ default:
+ p.lastConfiguration.Set(confHash)
+ configurationChan <- dynamic.Message{
+ ProviderName: providerName,
+ Configuration: conf,
+ }
+ }
+
+ // If we're throttling,
+ // we sleep here for the throttle duration to enforce that we don't refresh faster than our throttle.
+ // time.Sleep returns immediately if p.ThrottleDuration is 0 (no throttle).
+ time.Sleep(throttleDuration)
+
+ // Updating the ingress status after the throttleDuration allows to wait to make sure that the dynamic conf is updated before updating the status.
+ // This is needed for the conformance tests to pass, for example.
+ for _, ingress := range ingressStatuses {
+ if err := p.updateKnativeIngressStatus(ctxLog, ingress); err != nil {
+ logger.Error().Err(err).Msgf("Error updating status for Ingress %s/%s", ingress.Namespace, ingress.Name)
+ }
+ }
+ }
+ }
+ }
+
+ notify := func(err error, time time.Duration) {
+ logger.Error().Msgf("Provider connection error: %v; retrying in %s", err, time)
+ }
+ err := backoff.RetryNotify(safe.OperationWithRecover(operation), backoff.WithContext(job.NewBackOff(backoff.NewExponentialBackOff()), ctxPool), notify)
+ if err != nil {
+ logger.Error().Msgf("Cannot connect to Provider: %v", err)
+ }
+ })
+
+ return nil
+}
+
+func (p *Provider) newK8sClient(ctx context.Context) (*clientWrapper, error) {
+ logger := log.Ctx(ctx).With().Logger()
+
+ _, err := labels.Parse(p.LabelSelector)
+ if err != nil {
+ return nil, fmt.Errorf("parsing label selector: %q", p.LabelSelector)
+ }
+ logger.Info().Msgf("Label selector is: %q", p.LabelSelector)
+
+ withEndpoint := ""
+ if p.Endpoint != "" {
+ withEndpoint = fmt.Sprintf(" with endpoint %s", p.Endpoint)
+ }
+
+ var client *clientWrapper
+ switch {
+ case os.Getenv("KUBERNETES_SERVICE_HOST") != "" && os.Getenv("KUBERNETES_SERVICE_PORT") != "":
+ logger.Info().Msgf("Creating in-cluster Provider client%s", withEndpoint)
+ client, err = newInClusterClient(p.Endpoint)
+ case os.Getenv("KUBECONFIG") != "":
+ logger.Info().Msgf("Creating cluster-external Provider client from KUBECONFIG %s", os.Getenv("KUBECONFIG"))
+ client, err = newExternalClusterClientFromFile(os.Getenv("KUBECONFIG"))
+ default:
+ logger.Info().Msgf("Creating cluster-external Provider client%s", withEndpoint)
+ client, err = newExternalClusterClient(p.Endpoint, p.Token, p.CertAuthFilePath)
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ client.labelSelector = p.LabelSelector
+ return client, nil
+}
+
+func (p *Provider) loadConfiguration(ctx context.Context) (*dynamic.Configuration, []*knativenetworkingv1alpha1.Ingress) {
+ conf := &dynamic.Configuration{
+ HTTP: &dynamic.HTTPConfiguration{
+ Routers: make(map[string]*dynamic.Router),
+ Middlewares: make(map[string]*dynamic.Middleware),
+ Services: make(map[string]*dynamic.Service),
+ },
+ }
+
+ var ingressStatuses []*knativenetworkingv1alpha1.Ingress
+
+ uniqCerts := make(map[string]*tls.CertAndStores)
+ for _, ingress := range p.client.ListIngresses() {
+ logger := log.Ctx(ctx).With().
+ Str("ingress", ingress.Name).
+ Str("namespace", ingress.Namespace).
+ Logger()
+
+ if ingress.Annotations[knativenetworking.IngressClassAnnotationKey] != traefikIngressClassName {
+ logger.Debug().Msgf("Skipping Ingress %s/%s", ingress.Namespace, ingress.Name)
+ continue
+ }
+
+ if err := p.loadCertificates(ctx, ingress, uniqCerts); err != nil {
+ logger.Error().Err(err).Msg("Error loading TLS certificates")
+ continue
+ }
+
+ conf.HTTP = mergeHTTPConfigs(conf.HTTP, p.buildRouters(ctx, ingress))
+
+ // TODO: should we handle configuration errors?
+ ingressStatuses = append(ingressStatuses, ingress)
+ }
+
+ if len(uniqCerts) > 0 {
+ conf.TLS = &dynamic.TLSConfiguration{
+ Certificates: slices.Collect(maps.Values(uniqCerts)),
+ }
+ }
+
+ return conf, ingressStatuses
+}
+
+// loadCertificates loads the TLS certificates for the given Knative Ingress.
+// This method mutates the uniqCerts map to add the loaded certificates.
+func (p *Provider) loadCertificates(ctx context.Context, ingress *knativenetworkingv1alpha1.Ingress, uniqCerts map[string]*tls.CertAndStores) error {
+ for _, t := range ingress.Spec.TLS {
+ // TODO: maybe this could be allowed with an allowCrossNamespace option in the future.
+ if t.SecretNamespace != ingress.Namespace {
+ log.Ctx(ctx).Debug().Msg("TLS secret namespace has to be the same as the Ingress one")
+ continue
+ }
+
+ key := ingress.Namespace + "-" + t.SecretName
+
+ // TODO: as specified in the GoDoc we should validate that the certificates contain the configured Hosts.
+ if _, exists := uniqCerts[key]; !exists {
+ cert, err := p.loadCertificate(ingress.Namespace, t.SecretName)
+ if err != nil {
+ return fmt.Errorf("getting certificate: %w", err)
+ }
+ uniqCerts[key] = &tls.CertAndStores{Certificate: cert}
+ }
+ }
+
+ return nil
+}
+
+func (p *Provider) loadCertificate(namespace, secretName string) (tls.Certificate, error) {
+ secret, err := p.client.GetSecret(namespace, secretName)
+ if err != nil {
+ return tls.Certificate{}, fmt.Errorf("getting secret %s/%s: %w", namespace, secretName, err)
+ }
+
+ certBytes, hasCert := secret.Data[corev1.TLSCertKey]
+ keyBytes, hasKey := secret.Data[corev1.TLSPrivateKeyKey]
+
+ if (!hasCert || len(certBytes) == 0) || (!hasKey || len(keyBytes) == 0) {
+ return tls.Certificate{}, errors.New("secret does not contain a keypair")
+ }
+
+ return tls.Certificate{
+ CertFile: types.FileOrContent(certBytes),
+ KeyFile: types.FileOrContent(keyBytes),
+ }, nil
+}
+
+func (p *Provider) buildRouters(ctx context.Context, ingress *knativenetworkingv1alpha1.Ingress) *dynamic.HTTPConfiguration {
+ logger := log.Ctx(ctx).With().Logger()
+
+ conf := &dynamic.HTTPConfiguration{
+ Routers: make(map[string]*dynamic.Router),
+ Middlewares: make(map[string]*dynamic.Middleware),
+ Services: make(map[string]*dynamic.Service),
+ }
+
+ for ri, rule := range ingress.Spec.Rules {
+ if rule.HTTP == nil {
+ logger.Debug().Msgf("No HTTP rule defined for rule %d in Ingress %s", ri, ingress.Name)
+ continue
+ }
+
+ entrypoints := p.PublicEntrypoints
+ if rule.Visibility == knativenetworkingv1alpha1.IngressVisibilityClusterLocal {
+ if p.PrivateEntrypoints == nil {
+ // Skip route creation as no internal entrypoints are defined for cluster local visibility.
+ continue
+ }
+ entrypoints = p.PrivateEntrypoints
+ }
+
+ // TODO: support rewrite host
+ for pi, path := range rule.HTTP.Paths {
+ routerKey := fmt.Sprintf("%s-%s-rule-%d-path-%d", ingress.Namespace, ingress.Name, ri, pi)
+ router := &dynamic.Router{
+ EntryPoints: entrypoints,
+ Rule: buildRule(rule.Hosts, path.Headers, path.Path),
+ Middlewares: make([]string, 0),
+ Service: routerKey + "-wrr",
+ }
+
+ if len(path.AppendHeaders) > 0 {
+ midKey := fmt.Sprintf("%s-append-headers", routerKey)
+
+ router.Middlewares = append(router.Middlewares, midKey)
+ conf.Middlewares[midKey] = &dynamic.Middleware{
+ Headers: &dynamic.Headers{
+ CustomRequestHeaders: path.AppendHeaders,
+ },
+ }
+ }
+
+ wrr, services, err := p.buildWeightedRoundRobin(routerKey, path.Splits)
+ if err != nil {
+ logger.Error().Err(err).Msg("Error building weighted round robin")
+ continue
+ }
+
+ // TODO: support Ingress#HTTPOption to check if HTTP router should redirect to the HTTPS one.
+ conf.Routers[routerKey] = router
+
+ // TODO: at some point we should allow to define a default TLS secret at the provider level to enable TLS with a custom cert when external-domain-tls is disabled.
+ // see https://knative.dev/docs/serving/encryption/external-domain-tls/#manually-obtain-and-renew-certificates
+ if len(ingress.Spec.TLS) > 0 {
+ conf.Routers[routerKey+"-tls"] = &dynamic.Router{
+ EntryPoints: router.EntryPoints,
+ Rule: router.Rule, // TODO: maybe the rule should be a new one containing the TLS hosts injected by Knative.
+ Middlewares: router.Middlewares,
+ Service: router.Service,
+ TLS: &dynamic.RouterTLSConfig{},
+ }
+ }
+
+ conf.Services[routerKey+"-wrr"] = &dynamic.Service{Weighted: wrr}
+ for k, v := range services {
+ conf.Services[k] = v
+ }
+ }
+ }
+
+ return conf
+}
+
+func (p *Provider) buildWeightedRoundRobin(routerKey string, splits []knativenetworkingv1alpha1.IngressBackendSplit) (*dynamic.WeightedRoundRobin, map[string]*dynamic.Service, error) {
+ wrr := &dynamic.WeightedRoundRobin{
+ Services: make([]dynamic.WRRService, 0),
+ }
+
+ services := make(map[string]*dynamic.Service)
+ for si, split := range splits {
+ serviceKey := fmt.Sprintf("%s-split-%d", routerKey, si)
+
+ var err error
+ services[serviceKey], err = p.buildService(split.ServiceNamespace, split.ServiceName, split.ServicePort)
+ if err != nil {
+ return nil, nil, fmt.Errorf("building service: %w", err)
+ }
+
+ // As described in the spec if there is only one split it defaults to 100.
+ percent := split.Percent
+ if len(splits) == 1 {
+ percent = 100
+ }
+
+ wrr.Services = append(wrr.Services, dynamic.WRRService{
+ Name: serviceKey,
+ Weight: ptr.To(percent),
+ Headers: split.AppendHeaders,
+ })
+ }
+
+ return wrr, services, nil
+}
+
+func (p *Provider) buildService(namespace, serviceName string, port intstr.IntOrString) (*dynamic.Service, error) {
+ servers, err := p.buildServers(namespace, serviceName, port)
+ if err != nil {
+ return nil, fmt.Errorf("building servers: %w", err)
+ }
+
+ var lb dynamic.ServersLoadBalancer
+ lb.SetDefaults()
+ lb.Servers = servers
+
+ return &dynamic.Service{LoadBalancer: &lb}, nil
+}
+
+func (p *Provider) buildServers(namespace, serviceName string, port intstr.IntOrString) ([]dynamic.Server, error) {
+ service, err := p.client.GetService(namespace, serviceName)
+ if err != nil {
+ return nil, fmt.Errorf("getting service %s/%s: %w", namespace, serviceName, err)
+ }
+
+ var svcPort *corev1.ServicePort
+ for _, p := range service.Spec.Ports {
+ if p.Name == port.String() || strconv.Itoa(int(p.Port)) == port.String() {
+ svcPort = &p
+ break
+ }
+ }
+ if svcPort == nil {
+ return nil, errors.New("service port not found")
+ }
+
+ if service.Spec.ClusterIP == "" {
+ return nil, errors.New("service does not have a ClusterIP")
+ }
+
+ scheme := "http"
+ if svcPort.AppProtocol != nil && *svcPort.AppProtocol == knativenetworking.AppProtocolH2C {
+ scheme = "h2c"
+ }
+
+ hostPort := net.JoinHostPort(service.Spec.ClusterIP, strconv.Itoa(int(svcPort.Port)))
+ return []dynamic.Server{{URL: fmt.Sprintf("%s://%s", scheme, hostPort)}}, nil
+}
+
+func (p *Provider) updateKnativeIngressStatus(ctx context.Context, ingress *knativenetworkingv1alpha1.Ingress) error {
+ log.Ctx(ctx).Debug().Msgf("Updating status for Ingress %s/%s", ingress.Namespace, ingress.Name)
+
+ var publicLbs []knativenetworkingv1alpha1.LoadBalancerIngressStatus
+ if p.PublicService.Name != "" && p.PublicService.Namespace != "" {
+ publicLbs = append(publicLbs, knativenetworkingv1alpha1.LoadBalancerIngressStatus{
+ DomainInternal: network.GetServiceHostname(p.PublicService.Name, p.PublicService.Namespace),
+ })
+ }
+
+ var privateLbs []knativenetworkingv1alpha1.LoadBalancerIngressStatus
+ if p.PrivateService.Name != "" && p.PrivateService.Namespace != "" {
+ privateLbs = append(privateLbs, knativenetworkingv1alpha1.LoadBalancerIngressStatus{
+ DomainInternal: network.GetServiceHostname(p.PrivateService.Name, p.PrivateService.Namespace),
+ })
+ }
+
+ if ingress.GetStatus() == nil || !ingress.GetStatus().GetCondition(knativenetworkingv1alpha1.IngressConditionNetworkConfigured).IsTrue() || ingress.GetGeneration() != ingress.GetStatus().ObservedGeneration {
+ ingress.Status.MarkNetworkConfigured()
+ ingress.Status.MarkLoadBalancerReady(publicLbs, privateLbs)
+ ingress.Status.ObservedGeneration = ingress.GetGeneration()
+
+ return p.client.UpdateIngressStatus(ingress)
+ }
+ return nil
+}
+
+func buildRule(hosts []string, headers map[string]knativenetworkingv1alpha1.HeaderMatch, path string) string {
+ var operands []string
+
+ if len(hosts) > 0 {
+ var hostRules []string
+ for _, host := range hosts {
+ hostRules = append(hostRules, fmt.Sprintf("Host(`%v`)", host))
+ }
+ operands = append(operands, fmt.Sprintf("(%s)", strings.Join(hostRules, " || ")))
+ }
+
+ if len(headers) > 0 {
+ headerKeys := slices.Collect(maps.Keys(headers))
+ slices.Sort(headerKeys)
+
+ var headerRules []string
+ for _, key := range headerKeys {
+ headerRules = append(headerRules, fmt.Sprintf("Header(`%s`,`%s`)", key, headers[key].Exact))
+ }
+ operands = append(operands, fmt.Sprintf("(%s)", strings.Join(headerRules, " && ")))
+ }
+
+ if len(path) > 0 {
+ operands = append(operands, fmt.Sprintf("PathPrefix(`%s`)", path))
+ }
+
+ return strings.Join(operands, " && ")
+}
+
+func mergeHTTPConfigs(confs ...*dynamic.HTTPConfiguration) *dynamic.HTTPConfiguration {
+ conf := &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{},
+ Middlewares: map[string]*dynamic.Middleware{},
+ Services: map[string]*dynamic.Service{},
+ }
+
+ for _, c := range confs {
+ for k, v := range c.Routers {
+ conf.Routers[k] = v
+ }
+ for k, v := range c.Middlewares {
+ conf.Middlewares[k] = v
+ }
+ for k, v := range c.Services {
+ conf.Services[k] = v
+ }
+ }
+
+ return conf
+}
+
+func throttleEvents(ctx context.Context, throttleDuration time.Duration, pool *safe.Pool, eventsChan <-chan interface{}) chan interface{} {
+ logger := log.Ctx(ctx).With().Logger()
+ if throttleDuration == 0 {
+ return nil
+ }
+ // Create a buffered channel to hold the pending event (if we're delaying processing the event due to throttling)
+ eventsChanBuffered := make(chan interface{}, 1)
+
+ // Run a goroutine that reads events from eventChan and does a non-blocking write to pendingEvent.
+ // This guarantees that writing to eventChan will never block,
+ // and that pendingEvent will have something in it if there's been an event since we read from that channel.
+ pool.GoCtx(func(ctxPool context.Context) {
+ for {
+ select {
+ case <-ctxPool.Done():
+ return
+ case nextEvent := <-eventsChan:
+ select {
+ case eventsChanBuffered <- nextEvent:
+ default:
+ // We already have an event in eventsChanBuffered, so we'll do a refresh as soon as our throttle allows us to.
+ // It's fine to drop the event and keep whatever's in the buffer -- we don't do different things for different events
+ logger.Debug().Msgf("Dropping event kind %T due to throttling", nextEvent)
+ }
+ }
+ }
+ })
+
+ return eventsChanBuffered
+}
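Review bot: In `buildRouters`, the cluster-local branch tests `p.PrivateEntrypoints == nil`, but the field description says local Ingresses are skipped when the list is empty, and an empty non-nil slice passes that test. The router would then be built with an empty `EntryPoints`, which the `PublicEntrypoints` description in the same struct equates with being exposed on all entrypoints, so a cluster-local rule could become reachable on public entrypoints. Whether the configuration loader can produce an empty non-nil slice is not visible in this hunk, but `if len(p.PrivateEntrypoints) == 0 {` matches the documented behaviour either way, and it also covers the `-tls` router that copies `router.EntryPoints`. Separately, `ServiceRef.Name` is tagged `json:"desc,omitempty"` (likewise for toml and yaml), which looks like the wrong key; `name` was presumably intended.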
diff --git a/pkg/provider/kubernetes/knative/kubernetes_test.go b/pkg/provider/kubernetes/knative/kubernetes_test.go
new file mode 100644
index 000000000..08ea0e2c3
--- /dev/null
+++ b/pkg/provider/kubernetes/knative/kubernetes_test.go
@@ -0,0 +1,478 @@
+package knative
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "github.com/traefik/paerser/types"
+ "github.com/traefik/traefik/v3/pkg/config/dynamic"
+ "github.com/traefik/traefik/v3/pkg/provider/kubernetes/k8s"
+ "k8s.io/apimachinery/pkg/runtime"
+ kubefake "k8s.io/client-go/kubernetes/fake"
+ kscheme "k8s.io/client-go/kubernetes/scheme"
+ "k8s.io/utils/ptr"
+ knativenetworkingv1alpha1 "knative.dev/networking/pkg/apis/networking/v1alpha1"
+ knfake "knative.dev/networking/pkg/client/clientset/versioned/fake"
+)
+
+func init() {
+ // required by k8s.MustParseYaml
+ if err := knativenetworkingv1alpha1.AddToScheme(kscheme.Scheme); err != nil {
+ panic(err)
+ }
+}
+
+func Test_loadConfiguration(t *testing.T) {
+ testCases := []struct {
+ desc string
+ paths []string
+ want *dynamic.Configuration
+ wantLen int
+ }{
+ {
+ desc: "Wrong ingress class",
+ paths: []string{"wrong_ingress_class.yaml"},
+ wantLen: 0,
+ want: &dynamic.Configuration{
+ HTTP: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{},
+ Services: map[string]*dynamic.Service{},
+ Middlewares: map[string]*dynamic.Middleware{},
+ },
+ },
+ },
+ {
+ desc: "Cluster Local",
+ paths: []string{"cluster_local.yaml", "services.yaml"},
+ wantLen: 1,
+ want: &dynamic.Configuration{
+ HTTP: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{
+ "default-helloworld-go-rule-0-path-0": {
+ EntryPoints: []string{"priv-http", "priv-https"},
+ Service: "default-helloworld-go-rule-0-path-0-wrr",
+ Rule: "(Host(`helloworld-go.default`) || Host(`helloworld-go.default.svc`) || Host(`helloworld-go.default.svc.cluster.local`))",
+ Middlewares: []string{},
+ },
+ },
+ Services: map[string]*dynamic.Service{
+ "default-helloworld-go-rule-0-path-0-split-0": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.38.208:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-split-1": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.44.18:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-wrr": {
+ Weighted: &dynamic.WeightedRoundRobin{
+ Services: []dynamic.WRRService{
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-0",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00001",
+ },
+ },
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-1",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00002",
+ },
+ },
+ },
+ },
+ },
+ },
+ Middlewares: map[string]*dynamic.Middleware{},
+ },
+ },
+ },
+ {
+ desc: "External IP",
+ paths: []string{"external_ip.yaml", "services.yaml"},
+ wantLen: 1,
+ want: &dynamic.Configuration{
+ HTTP: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{
+ "default-helloworld-go-rule-0-path-0": {
+ EntryPoints: []string{"http", "https"},
+ Service: "default-helloworld-go-rule-0-path-0-wrr",
+ Rule: "(Host(`helloworld-go.default`) || Host(`helloworld-go.default.svc`) || Host(`helloworld-go.default.svc.cluster.local`))",
+ Middlewares: []string{},
+ },
+ },
+ Services: map[string]*dynamic.Service{
+ "default-helloworld-go-rule-0-path-0-split-0": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.38.208:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-split-1": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.44.18:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-wrr": {
+ Weighted: &dynamic.WeightedRoundRobin{
+ Services: []dynamic.WRRService{
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-0",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00001",
+ },
+ },
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-1",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00002",
+ },
+ },
+ },
+ },
+ },
+ },
+ Middlewares: map[string]*dynamic.Middleware{},
+ },
+ },
+ },
+ {
+ desc: "TLS",
+ paths: []string{"tls.yaml", "services.yaml"},
+ wantLen: 1,
+ want: &dynamic.Configuration{
+ HTTP: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{
+ "default-helloworld-go-rule-0-path-0": {
+ EntryPoints: []string{"http", "https"},
+ Service: "default-helloworld-go-rule-0-path-0-wrr",
+ Rule: "(Host(`helloworld-go.default`) || Host(`helloworld-go.default.svc`) || Host(`helloworld-go.default.svc.cluster.local`))",
+ Middlewares: []string{},
+ },
+ "default-helloworld-go-rule-0-path-0-tls": {
+ EntryPoints: []string{"http", "https"},
+ Service: "default-helloworld-go-rule-0-path-0-wrr",
+ Rule: "(Host(`helloworld-go.default`) || Host(`helloworld-go.default.svc`) || Host(`helloworld-go.default.svc.cluster.local`))",
+ Middlewares: []string{},
+ TLS: &dynamic.RouterTLSConfig{},
+ },
+ },
+ Services: map[string]*dynamic.Service{
+ "default-helloworld-go-rule-0-path-0-split-0": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.38.208:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-split-1": {
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: "wrr",
+ PassHostHeader: ptr.To(true),
+ ResponseForwarding: &dynamic.ResponseForwarding{
+ FlushInterval: types.Duration(100 * time.Millisecond),
+ },
+ Servers: []dynamic.Server{
+ {
+ URL: "http://10.43.44.18:80",
+ },
+ },
+ },
+ },
+ "default-helloworld-go-rule-0-path-0-wrr": {
+ Weighted: &dynamic.WeightedRoundRobin{
+ Services: []dynamic.WRRService{
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-0",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00001",
+ },
+ },
+ {
+ Name: "default-helloworld-go-rule-0-path-0-split-1",
+ Weight: ptr.To(50),
+ Headers: map[string]string{
+ "Knative-Serving-Namespace": "default",
+ "Knative-Serving-Revision": "helloworld-go-00002",
+ },
+ },
+ },
+ },
+ },
+ },
+ Middlewares: map[string]*dynamic.Middleware{},
+ },
+ },
+ },
+ }
+
+ for _, testCase := range testCases {
+ t.Run(testCase.desc, func(t *testing.T) {
+ t.Parallel()
+
+ k8sObjects, knObjects := readResources(t, testCase.paths)
+
+ k8sClient := kubefake.NewClientset(k8sObjects...)
+ knClient := knfake.NewSimpleClientset(knObjects...)
+
+ client := newClientImpl(knClient, k8sClient)
+
+ eventCh, err := client.WatchAll(nil, make(chan struct{}))
+ require.NoError(t, err)
+
+ if len(k8sObjects) > 0 || len(knObjects) > 0 {
+ // just wait for the first event
+ <-eventCh
+ }
+
+ p := Provider{
+ PublicEntrypoints: []string{"http", "https"},
+ PrivateEntrypoints: []string{"priv-http", "priv-https"},
+ client: client,
+ }
+
+ got, gotIngresses := p.loadConfiguration(t.Context())
+ assert.Len(t, gotIngresses, testCase.wantLen)
+ assert.Equal(t, testCase.want, got)
+ })
+ }
+}
+
+func Test_buildRule(t *testing.T) {
+ testCases := []struct {
+ desc string
+ hosts []string
+ headers map[string]knativenetworkingv1alpha1.HeaderMatch
+ path string
+ want string
+ }{
+ {
+ desc: "single host, no headers, no path",
+ hosts: []string{"example.com"},
+ want: "(Host(`example.com`))",
+ },
+ {
+ desc: "multiple hosts, no headers, no path",
+ hosts: []string{"example.com", "foo.com"},
+ want: "(Host(`example.com`) || Host(`foo.com`))",
+ },
+ {
+ desc: "single host, single header, no path",
+ hosts: []string{"example.com"},
+ headers: map[string]knativenetworkingv1alpha1.HeaderMatch{
+ "X-Header": {Exact: "value"},
+ },
+ want: "(Host(`example.com`)) && (Header(`X-Header`,`value`))",
+ },
+ {
+ desc: "single host, multiple headers, no path",
+ hosts: []string{"example.com"},
+ headers: map[string]knativenetworkingv1alpha1.HeaderMatch{
+ "X-Header": {Exact: "value"},
+ "X-Header2": {Exact: "value2"},
+ },
+ want: "(Host(`example.com`)) && (Header(`X-Header`,`value`) && Header(`X-Header2`,`value2`))",
+ },
+ {
+ desc: "single host, multiple headers, with path",
+ hosts: []string{"example.com"},
+ headers: map[string]knativenetworkingv1alpha1.HeaderMatch{
+ "X-Header": {Exact: "value"},
+ "X-Header2": {Exact: "value2"},
+ },
+ path: "/foo",
+ want: "(Host(`example.com`)) && (Header(`X-Header`,`value`) && Header(`X-Header2`,`value2`)) && PathPrefix(`/foo`)",
+ },
+ {
+ desc: "single host, no headers, with path",
+ hosts: []string{"example.com"},
+ path: "/foo",
+ want: "(Host(`example.com`)) && PathPrefix(`/foo`)",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ got := buildRule(test.hosts, test.headers, test.path)
+ assert.Equal(t, test.want, got)
+ })
+ }
+}
+
+func Test_mergeHTTPConfigs(t *testing.T) {
+ testCases := []struct {
+ desc string
+ configs []*dynamic.HTTPConfiguration
+ want *dynamic.HTTPConfiguration
+ }{
+ {
+ desc: "one empty configuration",
+ configs: []*dynamic.HTTPConfiguration{
+ {
+ Routers: map[string]*dynamic.Router{
+ "router1": {Rule: "Host(`example.com`)"},
+ },
+ Middlewares: map[string]*dynamic.Middleware{
+ "middleware1": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ },
+ Services: map[string]*dynamic.Service{
+ "service1": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ },
+ },
+ {
+ Routers: map[string]*dynamic.Router{},
+ Middlewares: map[string]*dynamic.Middleware{},
+ Services: map[string]*dynamic.Service{},
+ },
+ },
+ want: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{
+ "router1": {Rule: "Host(`example.com`)"},
+ },
+ Middlewares: map[string]*dynamic.Middleware{
+ "middleware1": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ },
+ Services: map[string]*dynamic.Service{
+ "service1": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ },
+ },
+ },
+ {
+ desc: "merging two non-empty configurations",
+ configs: []*dynamic.HTTPConfiguration{
+ {
+ Routers: map[string]*dynamic.Router{
+ "router1": {Rule: "Host(`example.com`)"},
+ },
+ Middlewares: map[string]*dynamic.Middleware{
+ "middleware1": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ },
+ Services: map[string]*dynamic.Service{
+ "service1": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ },
+ },
+ {
+ Routers: map[string]*dynamic.Router{
+ "router2": {Rule: "PathPrefix(`/test`)"},
+ },
+ Middlewares: map[string]*dynamic.Middleware{
+ "middleware2": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ },
+ Services: map[string]*dynamic.Service{
+ "service2": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ },
+ },
+ },
+ want: &dynamic.HTTPConfiguration{
+ Routers: map[string]*dynamic.Router{
+ "router1": {Rule: "Host(`example.com`)"},
+ "router2": {Rule: "PathPrefix(`/test`)"},
+ },
+ Middlewares: map[string]*dynamic.Middleware{
+ "middleware1": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ "middleware2": {Headers: &dynamic.Headers{CustomRequestHeaders: map[string]string{"X-Test": "value"}}},
+ },
+ Services: map[string]*dynamic.Service{
+ "service1": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ "service2": {LoadBalancer: &dynamic.ServersLoadBalancer{Servers: []dynamic.Server{{URL: "http://example.com"}}}},
+ },
+ },
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ got := mergeHTTPConfigs(test.configs...)
+ assert.Equal(t, test.want, got)
+ })
+ }
+}
+
+func readResources(t *testing.T, paths []string) ([]runtime.Object, []runtime.Object) {
+ t.Helper()
+
+ var (
+ k8sObjects []runtime.Object
+ knObjects []runtime.Object
+ )
+ for _, path := range paths {
+ yamlContent, err := os.ReadFile(filepath.FromSlash("./fixtures/" + path))
+ if err != nil {
+ panic(err)
+ }
+
+ objects := k8s.MustParseYaml(yamlContent)
+ for _, obj := range objects {
+ switch obj.GetObjectKind().GroupVersionKind().Group {
+ case "networking.internal.knative.dev":
+ knObjects = append(knObjects, obj)
+ default:
+ k8sObjects = append(k8sObjects, obj)
+ }
+ }
+ }
+
+ return k8sObjects, knObjects
+}
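Review bot: `Test_buildRule` has no case where a host, header name, header value or path contains a backtick, yet `buildRule` in kubernetes.go places each of them inside a backtick-delimited matcher argument via `fmt.Sprintf` with no escaping or validation. A value containing a backtick would end the literal early and change or invalidate the generated rule; whether Knative's Ingress validation already rejects such values is not visible in this commit. A table entry with a constructed value of that kind would pin whichever behaviour is chosen, for example skipping the rule. In `readResources`, `panic(err)` on a read failure would read better as `require.NoError(t, err)`, since the helper already receives `t`.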
diff --git a/pkg/server/service/service.go b/pkg/server/service/service.go
index d8782c843..427cf9bc9 100644
--- a/pkg/server/service/service.go
+++ b/pkg/server/service/service.go
@@ -286,13 +286,13 @@ func (m *Manager) getWRRServiceHandler(ctx context.Context, serviceName string,
}
func (m *Manager) getServiceHandler(ctx context.Context, service dynamic.WRRService) (http.Handler, error) {
- switch {
- case service.Status != nil:
+ if service.Status != nil {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(*service.Status)
}), nil
+ }
- case service.GRPCStatus != nil:
+ if service.GRPCStatus != nil {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
st := status.New(service.GRPCStatus.Code, service.GRPCStatus.Msg)
@@ -307,10 +307,24 @@ func (m *Manager) getServiceHandler(ctx context.Context, service dynamic.WRRServ
_, _ = rw.Write(body)
}), nil
-
- default:
- return m.BuildHTTP(ctx, service.Name)
}
+
+ svcHandler, err := m.BuildHTTP(ctx, service.Name)
+ if err != nil {
+ return nil, fmt.Errorf("building HTTP service: %w", err)
+ }
+
+ if service.Headers != nil {
+ return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ for k, v := range service.Headers {
+ req.Header.Set(k, v)
+ }
+
+ svcHandler.ServeHTTP(rw, req)
+ }), nil
+ }
+
+ return svcHandler, nil
}
func (m *Manager) getHRWServiceHandler(ctx context.Context, serviceName string, config *dynamic.HighestRandomWeight) (http.Handler, error) {
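Review bot: The header wrapper added at the end of getServiceHandler is installed whenever `service.Headers != nil`, so an empty map still adds a closure to every request, and nothing documents that these values overwrite what the client sent. Use `if len(service.Headers) > 0 {` and add a comment such as `// Headers from the WRR service config replace any client-supplied value of the same name.` above the loop. In net/http the inbound host lives in `req.Host`, so a `Host` entry passed to `req.Header.Set` would most likely not change the forwarded host; if that override is ever expected, it needs explicit handling. The values can carry credentials (the test in service_test.go uses an `Authorization` entry), so confirm they are not echoed in debug logs or configuration dumps. The function begins in the previous hunk.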
diff --git a/pkg/server/service/service_test.go b/pkg/server/service/service_test.go
index 4952dde12..05d674e16 100644
--- a/pkg/server/service/service_test.go
+++ b/pkg/server/service/service_test.go
@@ -160,7 +160,7 @@ func TestGetLoadBalancerServiceHandler(t *testing.T) {
serviceName: "test",
service: &dynamic.ServersLoadBalancer{
Strategy: dynamic.BalancerStrategyWRR,
- PassHostHeader: boolPtr(true),
+ PassHostHeader: pointer(true),
Servers: []dynamic.Server{
{
URL: server1.URL,
@@ -479,16 +479,6 @@ func Test1xxResponses(t *testing.T) {
}
}
-type serviceBuilderFunc func(ctx context.Context, serviceName string) (http.Handler, error)
-
-func (s serviceBuilderFunc) BuildHTTP(ctx context.Context, serviceName string) (http.Handler, error) {
- return s(ctx, serviceName)
-}
-
-type internalHandler struct{}
-
-func (internalHandler) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
-
func TestManager_ServiceBuilders(t *testing.T) {
var internalHandler internalHandler
@@ -605,7 +595,129 @@ func TestMultipleTypeOnBuildHTTP(t *testing.T) {
assert.Error(t, err, "cannot create service: multi-types service not supported, consider declaring two different pieces of service instead")
}
-func boolPtr(v bool) *bool { return &v }
+func TestGetServiceHandler_Headers(t *testing.T) {
+ pb := httputil.NewProxyBuilder(&transportManagerMock{}, nil)
+
+ testCases := []struct {
+ desc string
+ service dynamic.WRRService
+ userAgent string
+ expectedHeaders map[string]string
+ }{
+ {
+ desc: "Service with custom headers",
+ service: dynamic.WRRService{
+ Name: "target-service",
+ Headers: map[string]string{
+ "X-Custom-Header": "custom-value",
+ "X-Service-Type": "knative-service",
+ "Authorization": "bearer token123",
+ },
+ },
+ userAgent: "test-agent",
+ expectedHeaders: map[string]string{
+ "X-Custom-Header": "custom-value",
+ "X-Service-Type": "knative-service",
+ "Authorization": "bearer token123",
+ },
+ },
+ {
+ desc: "Service with empty headers map",
+ service: dynamic.WRRService{
+ Name: "target-service",
+ Headers: map[string]string{},
+ },
+ userAgent: "test-agent",
+ expectedHeaders: map[string]string{},
+ },
+ {
+ desc: "Service with nil headers",
+ service: dynamic.WRRService{
+ Name: "target-service",
+ Headers: nil,
+ },
+ userAgent: "test-agent",
+ expectedHeaders: map[string]string{},
+ },
+ {
+ desc: "Service with headers that override existing request headers",
+ service: dynamic.WRRService{
+ Name: "target-service",
+ Headers: map[string]string{
+ "User-Agent": "overridden-agent",
+ "Accept": "application/json",
+ },
+ },
+ userAgent: "original-agent",
+ expectedHeaders: map[string]string{
+ "User-Agent": "overridden-agent",
+ "Accept": "application/json",
+ },
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ // Create a test server that will verify the headers are properly set for this specific test case
+ testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Verify expected headers are present
+ for key, expectedValue := range test.expectedHeaders {
+ actualValue := r.Header.Get(key)
+ assert.Equal(t, expectedValue, actualValue, "Header %s should be %s", key, expectedValue)
+ }
+
+ w.Header().Set("X-Response", "success")
+ w.WriteHeader(http.StatusOK)
+ }))
+ t.Cleanup(testServer.Close)
+
+ // Create the target service that the WRRService will point to
+ targetServiceInfo := &runtime.ServiceInfo{
+ Service: &dynamic.Service{
+ LoadBalancer: &dynamic.ServersLoadBalancer{
+ Strategy: dynamic.BalancerStrategyWRR,
+ Servers: []dynamic.Server{
+ {URL: testServer.URL},
+ },
+ },
+ },
+ }
+
+ // Create a fresh manager for each test case
+ sm := NewManager(map[string]*runtime.ServiceInfo{
+ "target-service": targetServiceInfo,
+ }, nil, nil, &transportManagerMock{}, pb)
+
+ // Get the service handler
+ handler, err := sm.getServiceHandler(t.Context(), test.service)
+ require.NoError(t, err)
+ require.NotNil(t, handler)
+
+ // Create a test request
+ req := testhelpers.MustNewRequest(http.MethodGet, "http://test.example.com/path", nil)
+ if test.userAgent != "" {
+ req.Header.Set("User-Agent", test.userAgent)
+ }
+
+ // Execute the request
+ recorder := httptest.NewRecorder()
+ handler.ServeHTTP(recorder, req)
+
+ // Verify the response was successful
+ assert.Equal(t, http.StatusOK, recorder.Code)
+ })
+ }
+}
+
+type serviceBuilderFunc func(ctx context.Context, serviceName string) (http.Handler, error)
+
+func (s serviceBuilderFunc) BuildHTTP(ctx context.Context, serviceName string) (http.Handler, error) {
+ return s(ctx, serviceName)
+}
+
+type internalHandler struct{}
+
+func (internalHandler) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
type forwarderMock struct{}
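Review bot: The "Service with empty headers map" and "Service with nil headers" cases in TestGetServiceHandler_Headers assert nothing about the request, because `expectedHeaders` is empty and the backend handler only loops over that map. A regression that dropped or rewrote client headers on that path would still pass. Give both cases `expectedHeaders: map[string]string{"User-Agent": "test-agent"},` so pass-through of the original header is pinned. The `X-Response` header set by the backend is never checked either; `assert.Equal(t, "success", recorder.Header().Get("X-Response"))` would confirm that the recorded 200 came from the test server.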
diff --git a/webui/src/components/icons/providers/Knative.tsx b/webui/src/components/icons/providers/Knative.tsx
new file mode 100644
index 000000000..e6adf46e2
--- /dev/null
+++ b/webui/src/components/icons/providers/Knative.tsx
@@ -0,0 +1,11 @@
+import { ProviderIconProps } from 'components/icons/providers'
+
+export default function Knative(props: ProviderIconProps) {
+ return (
+
+ )
+}
diff --git a/webui/src/components/icons/providers/index.tsx b/webui/src/components/icons/providers/index.tsx
index 388c66090..cd953d1b0 100644
--- a/webui/src/components/icons/providers/index.tsx
+++ b/webui/src/components/icons/providers/index.tsx
@@ -8,6 +8,7 @@ import File from 'components/icons/providers/File'
import Http from 'components/icons/providers/Http'
import Hub from 'components/icons/providers/Hub'
import Internal from 'components/icons/providers/Internal'
+import Knative from "components/icons/providers/Knative";
import Kubernetes from 'components/icons/providers/Kubernetes'
import Nomad from 'components/icons/providers/Nomad'
import Plugin from 'components/icons/providers/Plugin'
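Review bot: The added `Knative` import uses double quotes and a trailing semicolon, while every neighbouring import in this hunk uses single quotes and no semicolon. Write it as `import Knative from 'components/icons/providers/Knative'` so the file stays consistent and does not trip any formatter or lint check the web UI may run.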
@@ -49,6 +50,9 @@ export default function ProviderIcon({ name, size = 32 }: { name: string; size?:
if (['kubernetes'].some((prefix) => nameLowerCase.startsWith(prefix))) {
return Kubernetes
}
+ if (['knative'].some((prefix) => nameLowerCase.startsWith(prefix))) {
+ return Knative
+ }
if (['nomad', 'nomad-'].some((prefix) => nameLowerCase.startsWith(prefix))) {
return Nomad
}